For the first time, victims of Facebook’s data breach are not its users.
Facebook has become a victim of yet another data breach, and this time the victims are none other than the company’s employees.
Reportedly, an unidentified thief has stolen the banking data of around 29,000 Facebook employees. The data was stored on unencrypted hard drives that were part of a payroll worker’s computer equipment placed in the worker’s vehicle.
These drives contained information on thousands of Facebook’s US employees, both current and former. A majority of those joined Facebook in 2018.
Bloomberg’s report explained that the stolen database included sensitive personal data, including employee names, bank account numbers, and the last four digits of their Social Security numbers (SSNs).
Moreover, details about their salaries, bonuses, and equity were also part of the stolen data. Facebook, on the other hand, notified affected employees about the data theft via email on Friday.
The email stated that the theft occurred despite the company ensuring an “abundance of caution” and that it will take necessary “disciplinary action.”
While speaking with Bloomberg, a spokesperson from Facebook stated that there is no evidence that the stolen data has been abused or exploited in any way.
“We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information,” stated the spokesperson.
It is worth noting that the stolen hard drives didn’t contain data of Facebook users but only of its employees. However, the very fact that there has been another unfortunate privacy breach incident involving Facebook is an issue of concern.
It also raises questions about the level of security measures the social network observes regarding the protection of its users’ and employees’ data.
We also fail to understand why such crucial details are transported so casually on unencrypted hard drives. Most probably, the employee wasn’t asked to transport them in this manner and it could very well be by mistake.
Nevertheless, as The Verge pointed out, storing banking and personal details of employees in unencrypted form is a questionable practice considering that the employee was strolling around in the highly theft-prone Bay Area.