On November 17th of this year, a vehicle belonging to an employee of Facebook was broken into. In the process, the 2018 payroll information for approximately 29,000 Facebook employees that was stored on an unencrypted hard drive in the vehicle was stolen. It took nearly two weeks for the company to realize what the drive contained, and then it took an additional two weeks for Facebook to begin notifying employees who may have been affected. Although it is unlikely that the thief’s sole intention was to steal the data, they walked away with a good amount of valuable information that included employees’ names, bank account numbers, partial Social Security numbers, salaries, bonus details, and information regarding equity. Authorities are working closely with Facebook to investigate and the company has decided to offer free identity and credit monitoring services to those that were affected.
This is a very unfortunate situation that could have been avoided by enforcing good data security policies. Drives and other portable devices containing important or sensitive information should be fully encrypted and kept in the custody of an employee at all times during transport. If the data on a drive is no longer needed, it should be securely wiped or stored elsewhere. It is also important to have trusted contacts within law enforcement agencies; law enforcement can have a significant role in recovering data, especially in this type of situation involving physical theft.