Facebook may be fined as much as $1.63 billion by a European Union privacy watchdog for a data breach announced Friday that compromised the personal information of up to 50 million users.

The hack may have violated the EU's new privacy law, the General Data Protection Regulation, which would result in a hefty fine if EU citizens were affected.

Under the law, companies that don't sufficiently protect user data face maximum fines of 20 million euros ($23 million) or 4% of the company's global annual revenue from the prior year, depending on which sum is larger.

We know of at least two high-profile victims in the data breach: Facebook's CEO, Mark Zuckerberg, and chief operating officer, Sheryl Sandberg.

Facebook may be fined as much as $1.63 billion by a European Union privacy watchdog for a recent data breach announced Friday that compromised the personal information of up to 50 million user accounts.

According to The Wall Street Journal, Ireland's Data Protection Commission, Facebook's lead regulator in Europe, said on Saturday that it demanded more information about the nature and scope of the hack, which may have violated the EU's new privacy law, the General Data Protection Regulation.

The strict new regulation, which took effect in May, aims to safeguard user data for residents of the European Union. Under the law, companies that don't sufficiently protect user data face maximum fines of 20 million euros ($23 million) or 4% of the companies' global annual revenue from the prior year, depending on which sum is larger.

In Facebook's case, the maximum fine would be $1.63 billion, according to The Journal. The case would most likely center on whether Facebook took appropriate steps to safeguard its user data before the breach, it added.

Companies are also required to notify regulators within three days of a potential breach or face a maximum fine of 2% of their global revenue. Ireland's Data Protection Commission said Facebook notified it of the breach within that time frame, though the report "lacked detail," The Journal added.

The occurrence of a security breach in itself is not enough to warrant a fine, and the new privacy law's fines have yet to be tested. According to The Journal, EU regulators often decline to issue a maximum fine when a company has cooperated at least in part with an investigation.

The tech firm publicly revealed on Friday that it had detected a security breach in which attackers gained access to the personal information of about 50 million Facebook users.

The hackers also gained access to personal information from third-party apps and services like Tinder, Spotify, Airbnb, and Instagram, which allow users to sign up using their Facebook log-in.

It remains unclear who was behind the attack and whether specific people were targeted.

We do know of at least two high-profile victims in the data breach: Facebook's CEO, Mark Zuckerberg, and chief operating officer, Sheryl Sandberg. A company representative confirmed to Business Insider that the two top execs had been affected.