Banking information, Social Security digits, names and salaries were stolen from several unencrypted hard drives left in a payroll employee's car, a report says.
Corinne ReichertSenior Writer
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently writes news, analysis and features for CNET across the topics of electric vehicles, broadband networks, mobile devices, big tech, artificial intelligence, home technology and entertainment. In her spare time, she watches soccer games and F1 races, and goes to Disneyland as often as possible.
I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
The personal banking information for thousands of Facebook employees was stolen last month, Bloomberg reported earlier Friday. The data breach reportedly occurred when someone stole multiple unencrypted physical hard drives from a
payroll staffer's car. Info on the hard drives included names, bank account numbers, the last four Social Security Number digits, salaries, bonus amounts and equity details, the report said.
The drives contained personal data for about 29,000 Facebook employees, Bloomberg said, quoting a company spokesperson. Facebook reportedly alerted staff on Dec. 13 after discovering the theft on Nov. 20. The drives were stolen on Nov. 17, the report said.
"We worked with law enforcement as they investigated a recent car break-in and theft of an employee's bag containing company equipment with employee payroll information stored on it," a Facebook spokeswoman confirmed in an email to CNET. "We have seen no evidence of abuse and believe this was a smash-and-grab crime rather than an attempt to steal employee information."
Facebook added the people affected were on its US payroll in 2018, and that it is providing identity theft and credit monitoring services to them. No Facebook user data was taken in the theft.
Originally published Dec. 13, 1:17 p.m. PT. Update, 2:21 p.m.: Adds confirmation and comment from Facebook.