The username attached to the post is almost certainly PII. Unless they're anonymising the post, they're definitely running afoul of GDPR.

This, of course, assumes this is intentional action, which I'm not wholly convinced of. Malice, incompetence, and all that.