The penalty relates to an inquiry which was opened by the DPC on April 14, 2021, following media reports of more than 530M Facebook users’ personal data — including email addresses and mobile phone numbers — being exposed online.
At the time, Facebook tried to play down the breach — claiming the data that had been found floating around online was “old data” and that it had fixed the issue that led to the personal data being exposed.
https://techcrunch.com/2022/11/28/facebook-gdpr-penalty/