This article is more than 1 year old
Valuable personal info leaks from Facebook – not Zuck selling it, unencrypted hard drives of staff data stolen
Car smash-and-grab ends with loss of payroll details for 20,000 employees
Facebook has lost a copy of the personal details of 29,000 of its employees after hard drives containing unencrypted payroll information were stolen from an employee's car.
The antisocial network said it is in the process of informing those who were exposed, though so far there is no indication of the purloined details being used for fraud, it is claimed.
"We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it," a Facebook spokesperson told The Register. "We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information
"Out of an abundance of caution, we have notified the current and former employees whose information we believe was stored on the equipment – people who were on our US payroll in 2018 – and are offering them free identity theft and credit monitoring services. This theft impacts current and former Facebook employees only and no Facebook user data was involved."
A report from Bloomberg today cites an internal email explaining that last month an employee in the payroll department had their car broken into and, among the items stolen, were unencrypted hard drives containing corporate records. The report also notes that the worker was not authorized to have the drive in their car, and has been disciplined.
The lifted records were said to include employee names, bank account numbers, and partial social security numbers.
So far, Facebook has yet to file a data breach notification with the state of California, as is required by law.
This is certainly a unique situation for Facebook, as the data-slurping biz usually finds itself on the other side of egregious violations of personal privacy. Facebook has made something of a custom out of letting outside developers play fast and loose with user profile information. ®
Biting the hand that feeds IT
