In what has been described as a “smash and grab crime”, Facebook has lost the personal details of more than 20,000 of its employees.
The company said that it is in the process of informing those employees who were exposed, and claims that there is no indication that the stolen data was being used for fraud.
A spokesperson for Facebook said: “We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it.
“We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.
“Out of an abundance of caution, we have notified the current and former employees whose information we believe was stored on the equipment – people who were on our US payroll in 2018 – and are offering them free identity theft and credit monitoring services. This theft impacts current and former Facebook employees only and no Facebook user data was involved.”
According to an internal Facebook email, cited by Bloomberg, the hard drives contained information including employee names, bank account numbers and the last four digits of employees’ social security numbers.
- Anomalous Secures Place on Boeing Accelerator Programme
- Drinks-on-demand Tech Firm Launches Fundraiser Campaign
- Trust, Transparency and Medical Data: An Interview with Talking Medicines’ Elizabeth Fairley
The email explains that last month an employee in the payroll department, who was not authorised to have a drive in their car, had their vehicle broken into. Among the items stolen, were the unencrypted hard drives. The email notes that the employee in question has been disciplined.
At present, the company has not filed a data breach notification with the state of California, which is it legally required to do. The stolen hard drives have yet to be found.