iStock | 360 | Getty Images

On the surface, it seems like another privacy hit for Facebook: a thief broke into an employee's car "recently," the company said Friday, taking company equipment including hard drives. The company said the hard drives contained unencrypted personal data of current and former Facebook employees, and alerted current and former employees to the theft "out of an abundance of caution." But this is unlikely to be a data problem of any significance to Facebook for a simple reason: thefts of computer equipment remain almost entirely about re-selling that equipment as a commodity, not lifting the data and selling the information as well. In fact, the announcement is possibly a testament to Facebook's improved transparency on data protection issues, and the heightened regulatory obligations for telling affected people when their data could possibly be viewed by an outside party. It's also illustrates how slow change can be in the cybersecurity sphere, since this type of theft, and the outrage it provokes, are so similar to other incidents that are decades old.

A brief history of the oldest type of data theft

Data theft by stolen or lost hard drive is probably one of the oldest types of computer security "breaches." Banks were most likely to fall victim to incidents similar to the Facebook equipment theft. Take this case from 2005, in which data on 3.9 million Citigroup customers was lost in a UPS mix-up of back-up magnetic data tapes. "Executives at Citigroup said the tapes were picked up by UPS early in May and had not been seen since," reads a New York Times piece on the incident from June 7, 2005. "The tapes contained names, addresses, Social Security numbers, account numbers, payment histories and other details on small personal loans made to millions of customers through CitiFinancial's network of more than 1,800 lending branches." "It was, however, the latest in a series of recent data-security failures involving nearly every kind of institution that compiles personal information -- ranging from data brokers like ChoicePoint and LexisNexis to financial institutions like Bank of America and Wachovia to the media giant Time Warner to universities like Boston College and the University of California, Berkeley," the 14-year-old article continues. "All these institutions have reported data breaches in the last five months, affecting millions of individuals and spurring Congressional hearings and numerous bills aimed at improving security in the handling of sensitive consumer information." As Matthew McConnaughey once said, channeling Friedrich Nietzsche: "Time is a flat circle." There have been a handful of cases where physical data theft has led to a genuine electronic data breach, however, but these are usually done with specific intent. In one case that sparked a class action (and was later settled for $5,000 per affected individual, a significant number for a data breach), a hospital worker in Alabama stole medical records from an unlocked room, and shared them with criminal partners online who then filled out fraudulent tax returns in the victims' names. It was a rare case where individuals could prove immediate, material harm from a data breach. This was almost certainly not the intent of the Facebook car thief.

Why there's little reason to worry