You are here

Thief stole payroll data of thousands of Facebook employees

BT_20191216_WEEFACE16_3977934.jpg
The police are investigating the Nov 17 car break-in and theft of a Facebook employee's bag containing the hard drives with employees' personal banking and payroll data stored in them.

San Francisco

PERSONAL banking information for tens of thousands of Facebook Inc workers in the US was compromised last month when a thief stole several corporate hard drives from an employee's car.

The hard drives, which were unencrypted, included payroll data such as employee names, bank account numbers and the last four digits of employees' social security numbers, according to an email Facebook shared with staff last Friday morning. The drives also included compensation information, including salaries, bonus amounts, and some equity details.

In total, the drives contained personal data of about 29,000 US employees who worked at Facebook in 2018, a spokeswoman confirmed. Facebook has faced several instances in recent years of exposing personal data of the social network's users. However, the stolen drives didn't include Facebook user data, the spokeswoman said.

"We worked with law enforcement as they investigated a recent car break-in and theft of an employee's bag containing company equipment with employee payroll information stored on it," the spokeswoman said in a statement shared with Bloomberg. "We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information."

The break-in happened on Nov 17, and Facebook realised the hard drives were missing on Nov 20, according to the internal email. On Nov 29, a "forensic investigation" confirmed that those hard drives included employee payroll information. Facebook started alerting affected employees on Dec 13.

The employee who was robbed is a member of Facebook's payroll department, and wasn't supposed to have taken the hard drives outside the office. "We have taken appropriate disciplinary action," the spokeswoman said. "We won't be discussing individual personnel details."

Facebook is still working with law enforcement to recover the information, though none of the hard drives has been found. In an email, Facebook encouraged employees to notify their banks and offered them a two-year subscription to an identity theft monitoring service. BLOOMBERG