Thief swipes sensitive details of 30,000 Facebook employees

Stolen hard drives contained personal banking information including payroll data

The personal and financial data of thousands of Facebook workers was exposed after somebody allegedly stole corporate hard drives from an employee’s car.

The unencrypted drives contained workers’ payroll information including the names, bank account numbers and the last four digits of social security numbers belonging to approximately 29,000 workers, according to Bloomberg. The compromised data also contained salary information, bonus amounts and equity details.

The worker’s car was broken into on 17 November, and the firm realised the hard drives had been stolen three days later. Facebook told its affected employees on 13 December that their financial and personal details may have been compromised following a forensic investigation in late November.

The hard drives stored information of US-based employees who worked at the social media company in 2018, although did not contain any users’ personal or financial data. The firm said it would offer the affected employees free identity theft and credit monitoring services.

“We are working with law enforcement as they investigate a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it,” a spokesperson told IT Pro. “We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.” 

“We have taken appropriate disciplinary action,” the spokesperson added in a statement to Bloomberg, commenting on the payroll employee who extracted the hard drives from the site against company protocol. “We won’t be discussing individual personnel details.”

Related Resource

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

The company has gained notoriety for leaking the personal data of its users on several prominent occasions. The personal data of 30 million users, for example, was announced to have leaked in October 2018 due to a vulnerability in Facebook’s code that existed between July 2017 and September 2018.

The Irish Data Protection Commission (DPC) is also investigating the firm for more than ten separate General Data Protection Regulation (GDPR) violations, albeit not all related to the exposure of user data.

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021