Google will close most of its failing social media platform Google+ and implement several new privacy measures after discovering that hundreds of thousands of users potentially had their personal data exposed because of a previously undisclosed software bug, the company announced Monday.

The bug, discovered in March during an internal company review, could have allowed outside software developers – or people posing as outside developers – to learn the names, email addresses, occupations, genders and ages of Google+ users.

Some of that qualifies as legally protected personally identifiable information, and its exposure could trigger scrutiny from federal and state regulators, including some who have probed Google before on similar issues. The company said in a blog post that it was not aware that any outsider had discovered the bug or used it to gain improper access to user data, though in previous online security incidents, such discoveries sometimes lag by months or years after a computer bug has been initially reported.

In the blog post, Google said it did not immediately announce the problems with Google+ because it was not sure which users to inform, who they were and what affected users could do to protect themselves. But a two-week-long review of Google+ found that up to 500,000 users may have had their data exposed to developers of 438 applications.

The Wall Street Journal separately reported Monday that Google executives delayed announcing problems with Google+ because of concerns about its reputation and the danger of sparking new pushes for regulation.