Governance, Risk and Compliance, Content

Facebook Security: Robbers Stole Personal, Banking Data on 30K Employees

Thieves have reportedly stolen personal banking and payroll information of nearly 30,000 current and former Facebook employees in a heist of corporate hard drives from a worker’s car.

Getting away with the unencrypted hard drives was a significant score for the robbers. Data now in their hands includes employee names, bank account numbers and the last four digits of employees’ social security numbers, salaries, bonus amounts, and equity details, according to an email Facebook shared with staff, Bloomberg reported. It won't be long until much of that information is sold to hackers on the dark web.

The burglary reportedly occurred on November 17. Three days later the company discovered the hard drives were unaccounted for, the internal email said, as Bloomberg reported. Of note, no user data was pilfered in the robbery, a Facebook spokesperson told Bloomberg.

“We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it,” the spokeswoman said. “We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.”

Through a forensic investigation Facebook determined that the missing hard drives contained employee payroll information. On December 13, nearly one month after the initial break-in, Facebook alerted affected employees, the report said. The employee who was robbed works in Facebook’s payroll department, and wasn’t authorized to transport the hard drives out of the workspace. “We have taken appropriate disciplinary action,” the spokeswoman said, but declined to provide any additional details.

It’s not clear if the burglars knew what data was on the hard drives and to this point none of the pilfered hardware has been located. Facebook has encouraged employees to notify their banks and has offered them a two-year subscription to an identity theft monitoring service.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.