Earlier this month, it was reported by multiple agencies that over 509 million Facebook users details were published online and were freely available for a time, and this represents around 20% of people signed up to Facebook.
Evidently, all the records included a phone number and most included names and genders, with a small proportion adding email addresses.
Facebook says that the data was obtained using an exploit which was fixed in 2019, so either it’s old data or there is still an issue. You can read more in the Facebook blog post here.
The ICO appears to be investigating, but I wanted to make sure you knew about a site called haveibeenpwned.com. You can use it to check if your phone was in the Facebook data breach, but also check of phone numbers and email addresses have been involved in other data breaches. It’s run on a voluntary basis but does seem to be kept fairly well updated as data breaches are revealed. Whilst I would not recommend it being the only tool in your IT security armoury, it’s certainly worth a look at https://haveibeenpwned.com/