Regulators in Europe on Tuesday said they have fined Twitter around $546,000 for waiting too long to disclose a data breach.
The fine, announced by Ireland's Data Protection Commission, stems from a security glitch that may have exposed Android users' private tweets between 2014 and the end of 2018.
Twitter discovered the security issue in December of 2018, but didn't report it until January of the following year.
Europe's General Data Protection Regulation requires companies to report breaches that expose personal data within 72 hours of discovery.
The $546,000 figure appears to reflect a compromise between regulators in Ireland, who reportedly sought a smaller fine, and regulators in Hamburg, who reportedly wanted to impose a fine in the $8.5 million to $26.7 million range, according to The Wall Street Journal.
Twitter could have been fined up to $60 million, or 2% of its 2018 global revenue.
European authorities reportedly are also eyeing WhatsApp, among other companies.
Twitter has had several other high-profile privacy and security problems in recent years.
Just five months ago, hackers gained access to accounts of prominent users, including Elon Musk, Jeff Bezos and former President Barack Obama.
The company is facing a possible enforcement action by the Federal Trade Commission investigation for allegedly drawing on users' phone numbers for ad-targeting purposes.
Twitter said recently it expects to pay as much as $250 million to settle allegations that it violated a prior consent decree by allegedly misrepresenting how it would use people's phone numbers and emails.