Facebook could face a $1.63 billion fine if it is found to have violated the General Data Protection Regulation following the company’s latest data breach that impacted more than 50 million users.

Ireland’s Data Protection Commission told the Wall Street Journal that it is concerned that Facebook is unable to clarify the nature of the breach and how it is impacting users.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” Facebook said in a blog post. “We also don’t know who’s behind these attacks or where they’re based.”

Hackers utilized a vulnerability in Facebook’s code that impacts its “View As” feature. Under GDPR, companies who do not work to protect user data must pay a maximum fine of €20 million or 4 percent of its worldwide annual revenue for the previous year, depending on which amount totals more.

For the past year, Facebook has used multiple methods to regain the trust of its users following other data breaches and the Cambridge Analytica scandal.

In September, Facebook announced that it would use a “war room” to combat cyber attacks and foreign election influence on its platforms leading up to the midterm elections.

In March, Facebook altered its rules and reduced the amount of information users are required to give to third-party app developers.