
Thief Stole Payroll Data for Thousands of Facebook Employees - JumpCrisscross
https://www.bloomberg.com/news/articles/2019-12-13/thief-stole-payroll-data-for-thousands-of-facebook-employees
======
Cookingboy
> The hard drives, which were unencrypted, included payroll data like employee
> names, bank account numbers and the last four digits of employees’ social
> security numbers, according to an email Facebook shared with staff Friday
> morning. The drives also included compensation information, including
> salaries, bonus amounts, and some equity details.

How did information like that get on unencrypted local hard drives in the
first place?

Sure, leaving it in a car is bad, but this stuff shouldn't be left around
anywhere, not even an employee's home.

~~~
jkaptur
Excel.

~~~
JumpCrisscross
> _Excel_

I have Excel documents on my SSD. They're still protected by, at the very
least, whole-disk encryption.

------
Zaheer
I would think that publishing this story (although a responsibility) may make
things worse. Now the thief knows what he has is valuable.

~~~
bredren
This was probably in the Bay, which is one of the worst car break-in spots in
the country. Thieves dump anything they cannot sell immediately. If it was
drives, they are in a dumpster or a dump.

If it is a laptop, the data can only be accessed now if you pull the drive, or
boot it to some kind of guest/safe mode. I'd guess whoever gets this won't
know what they have and will wipe it.

That said, if someone figured out this was what it is, the data is probably
worth what, millions of dollars? Is there a way the company could create a
reward for this? Who would buy this kind of data, or who would pay to have it
leaked? Who is it most useful to if held in secret?

The most damaging would probably be if it fell into the hands of The Intercept
or Wikileaks, who could drip it out.

~~~
pixl97
Hard to say where the data could end up. If someone pulled the drive and kept
it, it could sit around for years doing nothing. If it immediately got to a
black hat it could be sold off on the darknet. Probably not for millions
though.

------
RodgerTheGreat
I for one applaud Facebook's new efforts to apply radical transparency to the
personal information of their employees, as they have done in the past for
their users.

Just like your circles of friends, browsing activity, unsent messages, sexual
orientation, credit card purchases, webcams, microphones, address books, and
geographic location, your banking records want to be free!

The only people who can be harmed by such honesty are those with something to
hide, after all- and surely none of _you_ have something to hide?

------
tempsy
Strange story...unclear if the thief knew what was on the hard drives. Would
be a much stranger story if they did.

~~~
mcraiha
I would speculate that stealing/copying that info and selling it to e.g.
Glassdoor would net you some easy money. Especially if you know who carries
stuff like that around.

------
ogre_codes
This is a perfect example of why I don't trust Facebook or Google with much in
the way of personal confidential information. People say it's in their best
interest to keep your data confidential, but even the best people screw up and
as these companies get more bloated, employee competency goes down and apathy
increases.

~~~
moreorless
Nothing to worry about. Mark will offer everyone 1 year of free credit
monitoring.

~~~
KorematsuFred
From the news article:

> In an email, Facebook encouraged employees to notify their banks and offered
> them a two-year subscription to an identity theft monitoring service.

~~~
perl4ever
But what if I already have one from another breach?

------
kerng
This doesn't help increase the confidence in Facebook's security posture...
ongoing security and privacy debacles...

------
neonate
[https://outline.com/8nJ69A](https://outline.com/8nJ69A)

------
hiccuphippo
Karma.

