Stolen Hard Drives Had Payroll Data For 29,000 Facebook Workers

December 13, 2019 TH Author headline,privacy,bank,cybercrime,data loss,fraud,facebook

Personal banking information for tens of thousands of Facebook workers in the U.S. was compromised last month when a thief stole several corporate hard drives from an employee’s car.

The hard drives, which were unencrypted, included payroll data like employee names, bank account numbers and the last four digits of employees’ social security numbers, according to an email Facebook shared with staff Friday morning. The drives also included compensation information, including salaries, bonus amounts, and some equity details.

In total, the drives contained personal data for about 29,000 U.S. employees who worked at Facebook in 2018, a spokeswoman confirmed. Facebook has faced several instances in recent years of exposing personal data of the social network’s users. However, the stolen drives didn’t include Facebook user data, the spokeswoman said.

“We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it,” the spokeswoman said in a statement shared with Bloomberg. “We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.”

The break-in happened on Nov. 17, and Facebook realized the hard drives were missing on Nov. 20, according to the internal email. On Nov. 29, a “forensic investigation” confirmed that those hard drives included employee payroll information. Facebook started alerting affected employees on Friday, Dec. 13.

The employee who was robbed is a member of Facebook’s payroll department, and wasn’t supposed to have taken the hard drives outside the office. “We have taken appropriate disciplinary action,” the spokeswoman said. “We won’t be discussing individual personnel details.”

Facebook is still working with law enforcement to recover the information, though none of the hard drives have been found. In an email, Facebook encouraged employees to notify their banks and offered them a two-year subscription to an identity theft monitoring service.