Personal banking information for tens of thousands of Facebook staff compromised after hard drive theft from a car in the United States
Facebook is facing a new data breach that was caused by petty theft in the United States, rather than a cyber-security related incident.
Corporate hard drives, that were unencrypted, were stolen from a car belonging to a Facebook employee.
Unfortunately, according to Bloomberg, the unencrypted hard drives included valuable payroll data including employee names, as well as bank account numbers and the last four digits of employees’ social security numbers.
Facebook made the admission in an email to staff last Friday, Bloomberg reported. The stolen data also included compensation details of the staffers, including salaries, bonus amounts, and some equity details.
Facebook apparently confirmed that the drives contained personal data for about 29,000 American employees who worked at Facebook in 2018.
“We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it,” the spokeswoman said in a statement shared with Bloomberg. “We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.”
The break-in happened on 17 November somewhere in the United States.
Facebook realised the hard drives were missing on 20 November, according to the internal email. A week later on 29 November a “forensic investigation” confirmed that those hard drives included employee payroll information.
Facebook began alerting affected employees on Friday 13 December.
It is reported that the Facebook employee, whose car was broken into, is a member of Facebook’s payroll department, and wasn’t supposed to have taken the hard drives outside the office.
“We have taken appropriate disciplinary action,” the spokeswoman reportedly said. “We won’t be discussing individual personnel details.”
Facebook said it was still working with law enforcement to recover the information, though none of the hard drives have been found.
In an email, Facebook encouraged employees to notify their banks and offered them a two-year subscription to an identity theft monitoring service.
Do you know all about security? Try our quiz!