Facebook COO Sheryl Sandberg admitted the possibility that additional breaches in personal information could be discovered by current company audits prompted by Cambridge Analytica’s misuse of user data.

“We're doing an investigation, we're going to do audits and yes, we think it's possible, that's why we're doing the audit,” Sandberg told TODAY’s Savannah Guthrie.

Sandberg, along with Facebook founder and chief executive Mark Zuckerberg, have been addressing security concerns since admitting that 87 million Facebook users may have had their data harvested by Cambridge Analytica, the data firm that worked with the Trump campaign during the 2016 election.

Zuckerberg will go before Congress next week as part of the company’s damage control efforts.

Sandberg told TODAY that Facebook takes the responsibility of protecting user information seriously.

Trending stories,celebrity news and all the best of TODAY. This site is protected by recaptcha

“We cared about privacy all along but I think we got the balance wrong,” she said.

Facebook founder and CEO Mark Zuckerberg will testify before Congress next week about the social network's data breach. EPA

The social experience Facebook provides, like connecting virtually with friends and seeing their music playlists, are all examples of data sharing, she pointed out.

“There’s the good cases for sharing and I think we were very idealistic and not rigorous enough and then there’s the possible misuse,” she said. “What we are focused on is making sure those possible use cases get shut down. I’m not going to sit here and say that we’re not going to find more because we are.”

Sandberg said Facebook does not sell or give away user data to advertisers but that the company allows for targeted ads to personalize service.

“We have different forms of opt-out,” she said. “We don't have an opt out at the highest level. That would be a paid product.”

Cambridge Analytica’s breach came to Facebook’s attention about two-and-a-half years ago, but the social media platform failed to take enough security steps afterward to assure the data was secure, Sandberg said.

“We thought the data had been deleted and we should have checked. They gave us assurances and it wasn't until other people told us it wasn't true,” she said. “We had legal assurances from them that they deleted it. What we didn't do is the next step of an audit and we're trying to do that now.”

Both Sandberg and Zuckerberg have taken ownership for the crisis and how Facebook has managed it.

“I run this place with Mark, and I take responsibility for the operational weaknesses we have, for the things we didn't do and we didn't do soon enough,” she said.

Sandberg said she realizes that the Cambridge Analytica breach could result in a change of Facebook leadership. People have the right to ask, as Guthrie did, “should heads roll at Facebook?” she said.

“Those are hard questions and they are the right questions. I can speak for myself. First I serve at the pleasure of Mark and our board and I will be here as long as they think I'm the right person to run this and to lead our response and to make sure that we can rebuild trust with people all over the world,” she said.

“But at the end of the day, the people we hold responsible are me and Mark. Mark knows that, I know that, and we own that responsibility.”