REPORTING ON DATA BREACHES can feel a bit samey after a while, so it's thoroughly decent of Facebook to give us the opportunity to mix it up a bit. The company has been forced to apologise after the latest theft came not from an unprotected server, but from a car.
Yes, the unencrypted hard drive was stolen from an employee's car. On it: data for some 29,000 Facebook employees from last year, including names, bank account numbers, salaries, bonuses, equity numbers and the last four digits of their social security numbers. And yes, we did say "unencrypted".
"We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information," a Facebook spokesperson told Bloomberg. You'd hope so - the Venn diagram between "carjackers" and "cybercriminals" should basically be two circles.
Facebook says it's still working with police to recover the missing hard drives and has offered impacted employees two-year subscriptions to identity theft protection services in the meantime. But the company is also facing criticism over how long it took to come clean - the break-in took place on 17 November, yet Facebook only notified staff on Friday morning.
This may sound beautifully inept in and of itself, but the real cherry on the cake is still to come. It turns out that the employee wasn't supposed to have the hard drive out of the office in the first place.
"We have taken appropriate disciplinary action," a spokesperson told the site. "We won't be discussing individual personnel details," she added, showing that the company hasn't completely forgotten about the principles of privacy, but it does leave us wondering what "appropriate" is in this context. A slap on the wrist? A fine? Tar and feathers?
Guess we'll just have to wait for that information to leak on another hard disk, then. Maybe this one will unexpectedly turn up in a charity shop. µ