Google announced on Monday that it would be shutting down its social media platform “Google+” after a massive data breach was discovered. According to Reuters, the breach may affect up to 500,000 users and was most likely caused by a bug that infected the site more than two years ago.

Although the bug was only announced this week, a report from Reuters states that Google knew about the breach as early as March of this year. The company also stated that they had no reason to believe the personal data of any of the effected users was captured or used nefariously.

“None of these thresholds were met in this instance,” Google officials said according to Reuters. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”

According to a report from the Wall Street Journal, Google decided to keep the breach quiet to avoid new regulations and to save the reputation of the brand.

“It seems like the downside risk of having a story that says they intentionally hid information about a major breach from users is bigger than the upside of avoiding scrutiny,” said Dartmouth’s engineering professor Geoffrey Parker while speaking to Reuters. “I wonder if there wasn’t more depth to the internal debate.”

Google is just the latest in a series of tech companies that have had issues with cybersecurity. Recently, Facebook announced that about 50 million of its users were exposed to a data breach after a glitch with the system’s “view as” feature left valuable login keys open for hackers.

Facebook’s recent announcement led to some legislators calling for more regulation; a situation that Google cited as the reason they hid their data breach.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” said Senator Mark Warner, via a statement.