Facebook can’t even protect the data of 30k employees
Facebook has committed multiple mistakes and omissions in terms of users’ privacy and data protection for at least the last couple of years, and it appears 2019 will be ending with the company wrapped in a new security scandal. Due to the theft of one of the company employees’ car, the bank details of thousands of Facebook employees, stored on unencrypted hard drives, were compromised. Potentially affected employees received a notification from Facebook last December 13.
The thief reportedly took away a hard drive owned by Facebook, which contained multiple details about nearly 29k social media employees, all based in the US. Among the compromised information were:
- Full
names - Bank
account numbers - Last
four digits of their social security numbers - Salary,
bonuses, among other payroll data
In a statement for the prestigious firm
Bloomberg, a Facebook spokesperson acknowledged the incident, mentioning that
this is the consequence of the theft suffered by an employee, whose name was
not disclosed, adding that the company is already in collaboration with the authorities
and data protection services for the prevention of any possible fraud using the
compromised information.
Facebook spokesperson claims that so far no
evidence of malicious activity has been detected, so the company believes the
thief was not directly targeting these hard drives and was only trying to steal
valuables.
According to the spokespersons statements, the
incident would have occurred on November 17th and, although no specific reason
was mentioned, Facebook learned of the lack of these hard drives until several
days later. After an internal investigation, the social
media giant found that the lost hard drives contained thousands of
payroll records of its employees in the US, so days later all potentially
affected were notified.
It seems that the employee who had these hard
drives at the time of the robbery is part of Facebook’s finance team. According
to the company’s spokesperson, for data protection reasons, no employee is
allowed to carry these resources outside Facebook offices, so internal measures
were determined to correct this behavior.
Facebook is working with law enforcement
agencies in the US to try to retrieve compromised information; so far there is
no indication of the person responsible for the incident, although some illegal
trading platforms are still being monitored. Facebook advised affected
employees to notify their respective banks, as well as offer online identity
fraud protection services for free.
According to data protection specialists from
the International Institute of Cyber Security (IICS), all of our activity logs in
social media such as Facebook are collected in real time by multiple companies
that use this information to launch more invasive and personalized advertising.
Despite being increasingly questioned about its poor information protection
measures, Facebook continues to commit severe flaws that compromise the
security of its thousands of employees and millions of users worldwide.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
Gloss