Payroll Information For 29,000 Facebook Employees Stolen By A Car Thief

16/12/2019

Again Facebook is experiencing security and privacy issues.

But unlike previous incidents which affected Facebook users, this time, it's the personal banking information for tens of thousands of Facebook employees in the U.S. that was affected. It was first reported by Bloomberg that a thief managed to stole several corporate hard drives from an employee’s car.

The hard drives, which were apparently unencrypted, had data that included payroll information for Facebook employees.

They also included more specific information, such as employee names, bank account numbers and the last four digits of employees’ social security numbers, that according to an email Facebook shared. The drives also included compensation information, bonus amounts, and some equity details.

In total, the drives contained personal data for about 29,000 U.S. employees who worked at Facebook in 2018, a spokeswoman confirmed.

The stolen drives didn’t include Facebook user data, the spokeswoman said.

Facebook office in Menlo Park, California
Aerial view of Facebook's headquarters in Menlo Park, California, U.S.

According to a Facebook spokeswoman:

"We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it,” the spokeswoman said in a statement shared with Bloomberg. “We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information."

The thief stole the hard drives on November 17, and Facebook realized that they were missing a few days later, on November 20.

On November 29, a forensic investigation confirmed that those hard drives included employee payroll information. Facebook started alerting affected employees on Friday December 13.

What makes the incident more damaging to Facebook is that, the employee whose robbed, is a member of Facebook’s payroll department. He broke a protocol, as he wasn’t supposed to have taken the hard drives outside the office in the first place.

“We have taken appropriate disciplinary action,” the spokeswoman said. “We won’t be discussing individual personnel details."

Facebook believes that the incident wasn't a targeted theft, and was a random attack.

"We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information," said the spokesperson.

With Facebook continued being bombarded by issues. The quoted saying "we have a responsibility to protect your data," by founder and Facebook CEO Mark Zuckerberg in the aftermath of the 2018 Cambridge Analytica scandal, isn't putting anyone at ease.

"If we can't then we don't deserve to serve you," Zuckerberg said.

Facebook encourages affected employees to notify their banks and offered them a two-year subscription to an identity theft monitoring service.