Three investigations over its privacy guidelines hit the social networking giant on a single day.

The first one is a probe by the Irish data protection authority. It is looking into the breach of “hundreds of millions” of Facebook and Instagram user passwords that are stored in plaintext on its servers. The authority will investigate FB under the European GDPR data protection law, which could lead to fines of up to 4% of its global annual revenue for the infringing year.

The second one was when the Canadian authorities confirmed that the social networking giant broke its strict privacy laws. The Office of the Privacy Commissioner of Canada said it plans to take Facebook to federal court to force the company to correct its “serious contraventions” of Canadian privacy law. The findings came in the aftermath of the Cambridge Analytica scandal, which vacuumed up more than 600,000 profiles of Canadian citizens.

Facebook was hit by its third investigation by New York attorney general Letitia James. The state Chief Law enforcer is looking into the recent “unauthorized collection” of 1.5 million user email addresses, which Facebook used for profile verification, but inadvertently scraped their contact lists.

“It is time Facebook is held accountable for how it handles consumers’ personal information,” said James in a statement. “Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data.”

Facebook spokesperson Jay Nancarrow said the company is “in touch with the New York State Attorney General’s office and are responding to their questions on this matter.”