Facebook broke the law and faces maximum fine for Cambridge Analytica scandal, UK watchdog says

Zuckerberg: 'I'm really sorry that this happened'
Zuckerberg: 'I'm really sorry that this happened'

Facebook broke British law by failing to safeguard user data, and by not telling tens of millions of people how Cambridge Analytica harvested their information for use in political campaigns, British authorities announced Tuesday. The platform faces a £500,000 fine -- the largest allowed under Britain's data protection law -- from the United Kingdom's Information Commissioner's Office.

The agency launched an investigation into Facebook's data security practices following the revelation in March that political data firm Cambridge Analytica obtained the personal data of as many as 87 million Facebook (FB) users worldwide. Investigators focused on the question of whether anyone involved with the campaigns for or against Brexit misused that information. Investigators have seized dozens of servers and other equipment containing hundreds of terabytes of data.

The ICO released its report shortly after midnight Wednesday in the UK.

Its findings will be of interest to U.S agencies, including the FBI, Federal Trade Commission, and the Securities and Exchange Commission, investigating Facebook's role in the Cambridge Analytica scandal. The British company worked on Donald Trump's 2016 presidential campaign.

Related: Facebook's Cambridge Analytica scandal draws growing federal scrutiny

A source familiar with the inquiries told CNN that the SEC is examining the timing of Facebook's disclosure of the data transfer to investors, while the FTC is looking into whether the data transfer violated a 2011 consent decree that governs how the platform can use consumer information.

Facebook faces mounting scrutiny from lawmakers and regulators concerned about its handling user data and how a Russian operation with ties to the Kremlin exploited the platform to foment discord in the lead-up to the 2016 US presidential election.

Zuckerberg has conceded to lawmakers and the media that his company failed to protect its users, a point Erin Egan, Facebook's chief privacy officer, repeated Tuesday.

"As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015," she said in a statement. "We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We're reviewing the report and will respond to the ICO soon."

The company will have an opportunity to respond to the ICO's proposed penalty before the agency makes a final decision. Damian Collins MP, the chair of the UK parliamentary committeeinvestigating online disinformation, said Facebook must provide further details about how companies like Cambridge Analytica gleaned user information.

Related: Russian company had access to Facebook user data through apps

"Facebook users will be rightly concerned that the company left their data far too vulnerable to being collected without their consent by developers working on behalf of companies like Cambridge Analytica," he said in a statement. "The number of Facebook users affected by this kind of data scraping may be far greater than has currently been acknowledged. Facebook should now make the results of their internal investigations known to the ICO, our committee and other relevant investigatory authorities."

CNNMoney Sponsors