London CNN Business  — 

Ireland’s data regulator has opened an investigation into Facebook for mishandling the passwords for hundreds of millions of its users.

The probe announced Thursday by the Irish Data Protection Commission is the latest in a series of privacy and data investigations targeting Facebook, and could result in billions of dollars in penalties.

Facebook (FB) said in March that it failed to properly mask the passwords for a huge number of users, storing them as plain text in an internal database that could be accessed by its staff.

The Irish regulator, which supervises Facebook because its European headquarters is in Dublin, said it would investigate whether the company had violated new EU data protection laws.

The General Data Protection Regulation, which came into effect in May 2018, significantly tightened the rules on how organizations around the world collect and handle personal data.

Large companies can be fined up to 4% of the annual global revenue for violating the rules. Facebook clocked revenue of $55.8 billion in 2018, which means it could face a fine of up to $2.2 billion.

Facebook said in statement that it would cooperate with the investigation.

“There is no evidence that these internally stored passwords were abused or improperly accessed,” a spokesperson said.

Facebook challenges

Facebook is facing an increasing number of legal and regulatory challenges following a series of data and privacy scandals.

Among the most significant is an ongoing investigation by the US Federal Trade Commission. On Wednesday, Facebook said it had set aside $3 billion to cover legal expenses related to the probe.

On Thursday, the Office of the Privacy Commissioner of Canada said it would take Facebook to court after an investigation found it broke the country’s privacy laws.

A statement from the regulator said that Facebook “refuses to implement recommendations to address deficiencies” related to the Cambridge Analytica scandal.

Facebook has already been fined the maximum £500,000 ($645,000) by UK regulators after data firm Cambridge Analytica accessed information millions of Facebook users without their permission.