The watchdog is looking into the matter after a hacker claimed to have private information for more than 400 million accounts.
The hacker is demanding $200,000 for the data to be handed over and for it to be deleted.
Ireland's Data Protection Commission (DPC) says it will examine the compliance with data protection law of the social networking site.
The claim has not been commented on by the social networking site.
The data is said to include phone numbers and emails, but the size of the haul is not known. The sample has not been made public.
The data of Alexandria Ocasio-Cortez was included in the data published by the hacker, according to The Guardian. The data of Piers Morgan is said to be included.
Press inquiries about the claim have not been responded to.
The cyber-security reporter Brian Krebs requested a response from the chief executive of the company, but he did not.
The BBC is not responsible for the content of external sites.View original tweet on TwitterHey @elonmusk, since you don't seem to have much a media/comms team anymore, can you address the apparently legitimate claim that someone scraped & is now selling data on hundreds of millions of Twitter accounts? Maybe it didn't happen on your watch, but you owe Twitter a reply.
— briankrebs (@briankrebs) December 27, 2022
Hudson Rock said it was the first to raise the alarm.
While acknowledging the amount of data taken had not been verified, the firm's chief technology officer said a number of clues appeared to support the hacker's claim
The data did not appear to have been copied from the earlier incident.
The hacker gave a sample of 1,000 emails, but only 60 of them appeared.
The hacker wants to sell the database on a cyber-crime forum. This is done for real offerings
When certain conditions are met, an escrow service releases funds.
"Ryushi" said that it exploited a problem with a system that allows computer programmes to connect with the micro-blogging site.
The weakness in the system was fixed by the social media company. The flaw is thought to have been used in the earlier incident.
On December 23, the DPC announced it was looking into that previous violation.
The lead authority for compliance with EU data protection rules is the commission.
The DPC said in a statement that it is investigating the latest incident and that more data has been offered for sale on the dark internet.
The DPC is looking at the data protection law in relation to the security issue.
The hacker knows how important the data is for platforms.
The best chance of avoiding a large data-protection fine is to buy back the data exclusively.
Data from more than 533 million Facebook users was leaked online and the DPC hit Meta with a penalty of over two hundred million euro.