Late last week, Facebook quietly revealed that hackers had obtained access tokens for over 50 million user accounts — one of the biggest data breaches in the platform’s history. What’s worse, Facebook also revealed on a conference call this week that the hack was bigger than previously thought, affecting third-party apps like Spotify, Tinder and Airbnb.

Now the fallout has truly begun, with rumblings that Facebook could face over $1.6 billion in fines in Europe. Facebook also got slapped with a class action lawsuit here within hours of disclosing the breach. Senator Mark Warner, vice chairman of the Senate Select Committee on Intelligence, also released a statement calling for a full investigation.

“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook… are able to accumulate so much personal data about individual Americans without adequate security measures,” Sen. Warner said. “This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users.”

We’re still in the early stages of this latest privacy controversy for Facebook, but it has all the makings of a true disaster for the social media giant. It’s different than previous scandals because in this case, user information was outright stolen instead of being improperly shared. The company will likely have to pay a very steep price for that — especially in regards to trust.