Twitter Inc has alerted a European Union data protection watchdog about the cyberattack it fell victim to last week, days after the company said hackers had targeted just some 130 accounts and didn’t steal any passwords.

The Irish Data Protection Commission is assessing Twitter’s notification about the incident, said Graham Doyle, a spokesman for the regulator. The agency is the lead authority in the EU for Twitter and other US tech companies, which all have their EU headquarters in the country.

Twitter is grappling with the worst security breach in its 14-year history after last week’s hack that compromised the accounts by global political and business leaders, including Democratic US presidential candidate Joe Biden, former US president Barack Obama and Tesla Inc chief executive officer Elon Musk.

The company is still reviewing how the attack was carried out and hasn’t disclosed if any other information from the accounts – such as private messages – was compromised. Its explanation so far has ignited speculation over the identity of the perpetrators and what they were actually targeting. The scale of the endeavour and its timing – months before the November US elections – have prompted some cybersecurity experts to theorise that the attack masked a more nefarious campaign to seize sensitive data.

The San Francisco-based company said it is working closely with regulators.

Those who gained access to the accounts used them to attempt a bitcoin scam, sending tweets asking for people to give them money in exchange for a bigger payment in return. – Bloomberg