Another Facebook Privacy Scandal: Thief Steals Hard Drives with Payroll Data

It took Facebook three days to realize the drives were stolen.

Facebook can't catch a break. Things have not been going well for the social media platform for quite some time now.

Not that long ago, Facebook had to pay a hefty fine of $5 billion to the Federal Trade Commission (FTC) and was required to undergo privacy checks due to the Cambridge Analytica scandal. And just last week, the FTC revealed that it was considering seeking an injunction against the firm to block it from merging with Instagram and WhatsApp.

RELATED: FTC FINES FACEBOOK RECORD $5 BILLION AND ORDERS PRIVACY CHECKS

Now, the latest Facebook-related news emerged from the company, and things don't look good once again. Bloomberg reported that a thief stole payroll hard drives from an employee's car, putting the private data of thousands of employees at risk, once again.

Failing at privacy protection

When it comes to privacy protection, it seems Facebook keeps on failing. And that is very concerning for its gigantic user base. Still, one would guess that the hard drives would at least be encrypted, but it seems that they weren't.

The drives had the personal data of about 29,000 U.S. employees who worked at Facebook in 2018 such as names, bank account numbers, the last four digits of employees’ social security numbers, and compensation information. Luckily, the hard drives had no user data.

Another issue is that Facebook was inexplicably slow to understand that the theft actually happened. The incident occurred on November 17 but Facebook only realized it on November 20.

Working with the authorities

Facebook said they were working with the relevant authorities to see the matter handled.

“We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it,” a spokeswoman said in a statement shared with Bloomberg. “We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.”

Facebook also said that the employee was never supposed to take the drives outside of the office. As such, the firm said "disciplinary action" was taken.

In an email sent to its employees, Facebook offered its employees a two-year subscription to an identity theft monitoring service and encouraged them to notify their banks of the incident.

Advertisement

Stay on top of the latest engineering news

Just enter your email and we’ll take care of the rest:

By subscribing, you agree to our Terms of Use and Privacy Policy. You may unsubscribe at any time.