Facebook hard disks containing company's payroll information stolen

Bubbajim

TechSpot Staff
Staff member

Facebook may have taken steps in the last few years to tighten their data control policies, but it seems their best intentions have been foiled by an employee mistake and a spot of bad luck. On Friday morning, Facebook employees received an email from management confirming that unencrypted hard drives containing personal and payroll information had been stolen from a staff member’s car.

According to Bloomberg, the disks contained the data of almost 29,000 people who worked at Facebook during 2018, and included information such as salaries, bonus payments, bank account details and partial social security numbers.

For once, no Facebook user data was compromised.

The company doesn’t believe that staff information was specifically targeted. Instead they believe it was just bad luck that the disks happened to be in the car that was broken into. A spokesperson for Facebook said, “we worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it, we have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.”

Unsurprisingly, the unfortunate employee whose car was robbed was not meant to have taken the hard disks out of the office. Facebook have confirmed that they have taken “appropriate disciplinary action” though they declined to say what ‘appropriate’ meant exactly.

Perhaps just as worrying for fellow staff members, however, is the timeline of events and Facebook’s sluggishness in communicating with people. The break-in allegedly happened on November 17, and Facebook confirmed a few days later that the disks in question had been taken, but employees were not notified until December 13. That’s almost a month during which the perpetrator could make use of the data.

The email to staff reportedly encouraged employees to inform their banks, and offered affected people a two-year subscription to an identity theft detection scheme.

Kar·ma
/ˈkärmə/
noun
(in Hinduism and Buddhism) the sum of a person's actions in this and previous states of existence, viewed as deciding their fate in future existences.
INFORMAL
destiny or fate, following as effect from cause.
 

QuantumPhysics

TS Evangelist
Aside from the possibility of having your data used against you in a court of law, you have to worry about textbook identity theft.

Smuckerberg will get nothing from me but memes and off-color commentary.
 

VitalyT

Russ-Puss
TechSpot Elite
Kar·ma
/ˈkärmə/
noun
(in Hinduism and Buddhism) the sum of a person's actions in this and previous states of existence, viewed as deciding their fate in future existences.
INFORMAL
destiny or fate, following as effect from cause.
Western interpretation is simpler - "Karma is a biyatch".
 

hahahanoobs

TS Evangelist
"they declined to say what ‘appropriate’ meant exactly."

F-I-r-e-d. Just say it. Fired.

"offered affected people a two-year subscription to an identity theft detection scheme."

You meant to say LIFETIME subscription.
 

Plutoisaplanet

TS Addict
We’ve had something similar to this happen to my company years ago, and as a response IT Security required that all hard drives handling work data must be encrypted. They’ve also added mandatory annual training of basic tech security principles for all employees. How does Facebook not have a policy like this??
 

captaincranky

TechSpot Addict
For those of you who enjoy conspiracy theories, try this on for size.

The employee wasn't supposed to have the HDDs out of the office.
He, (or she), takes the drives out anyway, and stores them in plain sight.

Most car break-ins occur through a smashed window. If this employee was concerned about security, the drives would have been in the trunk. (Although SUVs aren't notorious for having trunks).

An acquaintance of the employee comes and takes the drives. Perhaps a door is "accidentally" left unlocked. That would alleviate the nuisance of an insurance claim for a broken window.
 

captaincranky

TechSpot Addict
We’ve had something similar to this happen to my company years ago, and as a response IT Security required that all hard drives handling work data must be encrypted. They’ve also added mandatory annual training of basic tech security principles for all employees. How does Facebook not have a policy like this??
Perhaps they broke the bank on an overly lavish ad billing department wing, and are still scrimping and saving up for an IT security closet..
 

Yynxs

TS Maniac
For those of you who enjoy conspiracy theories, try this on for size.
I think it was a Ukrainian Oligarch paying a Biden clan member to entrap a Pelosi progeny with fake Chinese server chip plans steganographically altered with indisputable Steele-clad proof relating how South China Sea servers hidden deep underground in an artificial island tracked illegal payments routed from Putin to Trump using NBA hollow-head bobble figures.
BTJM.
 

ShagnWagn

TS Evangelist
Do they have any explanation as to why this data was even on external drives? Let alone outside the company? And why does it take multiple hard disk(s) to store this data? This was staged.

"offered affected people a two-year subscription to an identity theft detection scheme"

So, this is the default for giving out people's intimate details these days? Gee, thanks. And especially from a company "worth" how many billions? I'm sure people will this will never have an issue again... Where is the payout for the future issues that will inevitably happen? The information out in the wild is worth way more than this.
 

captaincranky

TechSpot Addict
Do they have any explanation as to why this data was even on external drives? Let alone outside the company? And why does it take multiple hard disk(s) to store this data? This was staged.

"offered affected people a two-year subscription to an identity theft detection scheme"

So, this is the default for giving out people's intimate details these days? Gee, thanks. And especially from a company "worth" how many billions? I'm sure people will this will never have an issue again... Where is the payout for the future issues that will inevitably happen? The information out in the wild is worth way more than this.
Hey, look how much information Experian managed to lose, and all they offered was "one free year" of identity protection.

Ironically, as compared to that "largess", it makes Zuckie look positively like a "philanthropist".

"Scheme" is such an ugly word. :eek: I'm sure you meant to say "solution" ..:rolleyes: :facepalm: