Facebook CEO Mark Zuckerberg appeared before the Senate Judiciary and Commerce Committee Tuesday to answer questions regarding the Cambridge Analytica scandal. The social media platform has been widely criticized for not taking immediate and forceful action when it learned that the information of tens of millions of users had been acquired by the data analytics firm in 2015.

During the hearing, Senator Dianne Feinstein (D-CA) came down on the tech mogul for those same reasons. The California legislator asked why Zuckerberg didn’t ban Cambridge from accessing Facebook’s Open Graph feature — the service that allowed third-party developers to request access to users’ personal data — in light of his discovery. The CEO claimed there was nothing to ban.

“Cambridge Analytica wasn’t using our services in 2015 as far as we can tell,” he responded. “…As of the time that we learned of their activity in 2015 they weren’t an advertiser, they weren’t running pages so we actually had nothing to ban.”

Back in 2013, Cambridge academic Aleksandr Kogan and his company Global Science Research developed a quiz app called “thisisyourdigitallife.” Roughly 300,000 users are believed to have taken the this digital survey that prompted them to answer questions for a psychological profile. The program was able to harvest users personal data, as well as the information from their Facebook friends, giving Kogan access to millions of profiles.

cambridge analytical facebook stats

Facebook learned of this data siphoning late in 2015, when it was reported that Cambridge Analytica was giving Ted Cruz’s presidential campaign massive amounts of Facebook data during the 2016 Presidential Election.

When the social media giant caught wind of this, it claimed it pressured Kogan and Cambridge to dispose of the data that they had acquired through the app. It is unclear whether the firm actually did that and there is speculation that Donald Trump’s campaign also had access to the data during the election.

While Zuckerberg claims that there was nothing Facebook could have done at the time he has now retroactively set up preventative measures to combat data breaches. This is a move in the right direction for future data management, but it does nothing for the 87 million accounts that have already been compromised.