A United Kingdom regulator on Thursday fined social media company Facebook £500,000 (approximately Rs 4.71 crore) for failing to ensure user privacy in the Cambridge Analytica data breach, AP reported. The Information Commissioner Office said a company of “its size and expertise should have known better and done better”.

In the data breach, the private information of 87 million Facebook users was harvested by British political consulting firm Cambridge Analytica, which worked on Donald Trump’s presidential campaign.

The British regulator said the fine imposed is the maximum penalty allowed under the law at the time the breach occurred, between 2007 and 2014. The penalties have since been increased under the new European Union data protection rules . The new rules allow for a maximum fine of up to £17 million or 4% of firm’s global turnover, whichever is higher.

The authority said that Facebook unfairly processed users’ personal information and gave app developers access to their data without informed consent, which led to 87 million people’s details being compromised. “Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data,” said Elizabeth Denham, the information commissioner.

Facebook said it was reviewing the regulator’s decision. “While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015,” Facebook said. “We are grateful that the Information Commissioner’s Office has acknowledged our full cooperation throughout their investigation.”

In May, Facebook Chief Executive Officer Mark Zuckerberg had apologised to the European Parliament for a data breach scandal and for failing to control fake news on his social media platform.