Some tens of thousands of current and former Facebook employees are impacted after a thief stole corporate hard drives from an employee’s car. According to Bloomberg, banking information of 29,000 Facebook employees in the U.S. was compromised.
The hard drives, which were unencrypted, contained payroll data like employee names, bank account numbers, social security numbers, salary details, bonus amounts, and equity details. However, Facebook clarified that the stolen drives didn’t include Facebook users’ data.
“We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it. We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information,” Facebook said in a statement.
According to sources, the incident occurred on November 17. Facebook realized the issue on November 20 and started notifying the affected employees on December 13.
The employee who was robbed is a member of Facebook’s payroll department. Facebook stated that it has taken disciplinary action against the employee, as it is unethical to carry the company’s sensitive information outside the office.
Facebook authorities stated that the company is working with law enforcement to recover the information. The social networking giant also offered affected employees a two-year subscription to an identity theft monitoring service.
Data breach woes for Facebook don’t seem to be ending. Facebook and its subsidiaries like WhatsApp and Instagram have faced several security incidents in recent years for exposing personal data of their users.
Recently, Facebook admitted a data breach involving 100 third-party app developers who had improper data access. In a blog post, Facebook’s Konstantinos Papamiltiadis, Director of Platform Partnerships, revealed that app developers had access to user data such as group member names and profile pictures through the Group API.
Prior to April 2018, app developers had unrestricted access to group members’ information. But with changes made in Group API posts in April 2018, this has changed. The app developers now only have limited access to group information such as group name, number of users, and the content in group posts.
Under Facebook’s new framework, designed on the guidelines of its agreement with the Federal Trade Commission (FTC), Facebook is required to conduct timely and scheduled audits of all its products and services for factors such as data breach, privacy adherence, etc.