Facebook’s insistence that user data is safe as houses does not appear to stretch to its own staff after the personal and financial data of thousands of Facebook workers has been exposed following the theft of corporate hard drives from an employee’s car.
The company has yet to explain how the staffer came to have the unencrypted drives in the first place, as it is against company protocol. Facebook simply stated that it has taken “appropriate disciplinary action”, adding that it “won’t be discussing individual personnel details”.
Bloomberg reports that the hard drives contained 29,000 workers’ payroll information, including names, bank account numbers and the last four digits of social security numbers.
The compromised data also contained salary information, bonus amounts and equity details. The staffer – who worked in HR – reportedly had their car was broken into on November 17, but Facebook did not inform those who have been affected until on December 13.
The hard drives stored information of US-based employees who worked at the social media company in 2018. The firm said it would offer the affected employees free identity theft and credit monitoring services.
In a statement, the social media giant said: “We are working with law enforcement as they investigate a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it.
“We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.”
In May, it was revealed that the overwhelming majority (88.8%) of people who work in the tech industry do not trust Facebook to handle their data, with nearly a quarter (24.25%) of the social media giant’s own staff admitting they have no confidence in the company’s ability to keep their personal information safe.
And in September, another mass data breach was claimed to have exposed the personal information of 210 million users, although the social media giant tried to dismiss the information as “old”.
There were 419 million records in total, but Facebook maintained many were duplicates, and old – from the times when Facebook let users search accounts by phone numbers – although with most people
keeping their mobile numbers this could be irrelevant.
Some 18 million records are from the UK, although the majority, 133 million, are from US users and 50 million records are Vietnamese users. However, it still counts as one of the largest data breaches in history.
Related stories
Facebook urged to come clean over fresh data breach
Even Facebook’s own staff don’t trust it with their data
Facebook finally pays ICO fine but accepts no liability
Facebook bids to overturn £500,000 data abuse fine
Facebook finally hit with maximum £500,000 data fine
Denham under fire over ‘unchallenged’ Facebook fine
Not us guv…Facebook says no-one in EU was hit by CA