Facebook adds another data theft into its portfolio. Now it’s not about users, but their own employees. The company’s payroll data of about 29,000 employees were stored in hard drives which were stolen in a car theft of the company’s HR personnel last month.

Maybe, Facebook is not able to complete the year without any further security allegations. The company has been facing issues over users’ privacy and security from past years, and recent data theft of its own employees is now raising doubts about the company’s integrity and functioning methods.

The Theft

A person from the company’s payroll department was carrying hard drives containing information about employee names, the last four digits of employees’ social security numbers and bank account numbers of about 29,000 employees of Facebook. This data in those unencrypted hard drives were in his car which was stolen by a thief!

Though this was termed as just car stealing incident rather than intentional data theft, the company’s personnel carrying the data with him and outside of the office is termed suspicious. Why? Facebook later revealed that they have taken appropriate action on the person (car owner) responsible for this incident.

Theft Timeline

While the actual theft happened on November 17th this year, the company has realized the missing of hard drives on the 20th of November, which is three days later. After this, they’ve conducted a forensic investigation and concluded about specific data that was missing; payroll information. Facebook has informed the potential employees of this theft about the incident on December 13th.

Facebook’s official statement on this incident as, “We are working with law enforcement as they investigate a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it. We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.

Out of an abundance of caution, we have notified the current and former employees whose information we believe was stored on the equipment – people who were on our U.S. payroll in 2018 – and are offering them free identity theft and credit monitoring services. This theft impacts current and former Facebook employees only and no Facebook user data was involved.”

Facebook announced that it’s been working with relevant law enforcement agencies and assured to help those affected employees with theft-monitoring services for two years. Further, I asked them all to inform their respective banks about the incident.