Thief swipes sensitive details of 30,000 Facebook employees

Stolen hard drives contained personal banking information including payroll data

The personal and financial data of thousands of Facebook workers was exposed after somebody allegedly stole corporate hard drives from an employee’s car.

The unencrypted drives contained workers’ payroll information including the names, bank account numbers and the last four digits of social security numbers belonging to approximately 29,000 workers, according to Bloomberg. The compromised data also contained salary information, bonus amounts and equity details.

The worker’s car was broken into on 17 November, and the firm realised the hard drives had been stolen three days later. Facebook told its affected employees on 13 December that their financial and personal details may have been compromised following a forensic investigation in late November.

The hard drives stored information of US-based employees who worked at the social media company in 2018, although did not contain any users’ personal or financial data. The firm said it would offer the affected employees free identity theft and credit monitoring services.

“We are working with law enforcement as they investigate a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it,” a spokesperson told IT Pro. “We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.” 

“We have taken appropriate disciplinary action,” the spokesperson added in a statement to Bloomberg, commenting on the payroll employee who extracted the hard drives from the site against company protocol. “We won’t be discussing individual personnel details.”

Related Resource

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

The company has gained notoriety for leaking the personal data of its users on several prominent occasions. The personal data of 30 million users, for example, was announced to have leaked in October 2018 due to a vulnerability in Facebook’s code that existed between July 2017 and September 2018.

The Irish Data Protection Commission (DPC) is also investigating the firm for more than ten separate General Data Protection Regulation (GDPR) violations, albeit not all related to the exposure of user data.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020