Thief swipes sensitive details of 30,000 Facebook employees

Stolen hard drives contained personal banking information including payroll data

The personal and financial data of thousands of Facebook workers was exposed after somebody allegedly stole corporate hard drives from an employee’s car.

The unencrypted drives contained workers’ payroll information including the names, bank account numbers and the last four digits of social security numbers belonging to approximately 29,000 workers, according to Bloomberg. The compromised data also contained salary information, bonus amounts and equity details.

The worker’s car was broken into on 17 November, and the firm realised the hard drives had been stolen three days later. Facebook told its affected employees on 13 December that their financial and personal details may have been compromised following a forensic investigation in late November.

The hard drives stored information of US-based employees who worked at the social media company in 2018, although did not contain any users’ personal or financial data. The firm said it would offer the affected employees free identity theft and credit monitoring services.

“We are working with law enforcement as they investigate a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it,” a spokesperson told IT Pro. “We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.” 

“We have taken appropriate disciplinary action,” the spokesperson added in a statement to Bloomberg, commenting on the payroll employee who extracted the hard drives from the site against company protocol. “We won’t be discussing individual personnel details.”

Related Resource

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

The company has gained notoriety for leaking the personal data of its users on several prominent occasions. The personal data of 30 million users, for example, was announced to have leaked in October 2018 due to a vulnerability in Facebook’s code that existed between July 2017 and September 2018.

The Irish Data Protection Commission (DPC) is also investigating the firm for more than ten separate General Data Protection Regulation (GDPR) violations, albeit not all related to the exposure of user data.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
Hired by machines: Exploring recruitment's machine-driven future
recruitment

Hired by machines: Exploring recruitment's machine-driven future

8 Jan 2022