Bloomberg reports that the official, Johannes Caspar, says his agency is looking into the matter, but at this point he has received no additional information from Google. Ireland's privacy regulator is reportedly seeking information from the company as well. While Europe's rigorous GDPR protections would have required a different handling of the situation and could have landed Google some hefty fines, the exposure and fix occurred prior to those regulations being put into place and Google will, therefore, likely not be punished under them.

In light of the discovery, Google has introduced new data protection measures and will shut down the consumer version of Google+ in the coming months.