Facebook can’t even protect the data of 30k employees; how will it protect yours?

Facebook has committed multiple mistakes and omissions in terms of users’ privacy and data protection for at least the last couple of years, and it appears 2019 will be ending with the company wrapped in a new security scandal. Due to the theft of one of the company employees’ car, the bank details of thousands of Facebook employees, stored on unencrypted hard drives, were compromised. Potentially affected employees received a notification from Facebook last December 13.

The thief reportedly took away a hard drive owned by Facebook, which contained multiple details about nearly 29k social media employees, all based in the US. Among the compromised information were:

  • Full names
  • Bank account numbers
  • Last four digits of their social security numbers
  • Salary, bonuses, among other payroll data

In a statement for the prestigious firm Bloomberg, a Facebook spokesperson acknowledged the incident, mentioning that this is the consequence of the theft suffered by an employee, whose name was not disclosed, adding that the company is already in collaboration with the authorities and data protection services for the prevention of any possible fraud using the compromised information.

Facebook spokesperson claims that so far no evidence of malicious activity has been detected, so the company believes the thief was not directly targeting these hard drives and was only trying to steal valuables.

According to the spokespersons statements, the incident would have occurred on November 17th and, although no specific reason was mentioned, Facebook learned of the lack of these hard drives until several days later. After an internal investigation, the social media giant found that the lost hard drives contained thousands of payroll records of its employees in the US, so days later all potentially affected were notified.

It seems that the employee who had these hard drives at the time of the robbery is part of Facebook’s finance team. According to the company’s spokesperson, for data protection reasons, no employee is allowed to carry these resources outside Facebook offices, so internal measures were determined to correct this behavior.

Facebook is working with law enforcement agencies in the US to try to retrieve compromised information; so far there is no indication of the person responsible for the incident, although some illegal trading platforms are still being monitored. Facebook advised affected employees to notify their respective banks, as well as offer online identity fraud protection services for free.

According to data protection specialists from the International Institute of Cyber Security (IICS), all of our activity logs in social media such as Facebook are collected in real time by multiple companies that use this information to launch more invasive and personalized advertising. Despite being increasingly questioned about its poor information protection measures, Facebook continues to commit severe flaws that compromise the security of its thousands of employees and millions of users worldwide.