Facebook headquarters from aerial view Facebook Inc. headquarters stands in this aerial photograph taken above Menlo Park, California, U.S., on Wednesday, Oct. 23, 2019. (Photo: Sam Hall/Bloomberg)

(Bloomberg) — Personal banking information for tens of thousands of Facebook Inc. workers in the U.S. was compromised last month when a thief stole several corporate hard drives from an employee's car.

The hard drives, which were unencrypted, included payroll data such as employee names, bank account numbers and the last four digits of employees' Social Security numbers, according to an email Facebook shared with staff Friday morning. The drives also included compensation information, including salaries, bonus amounts, and some equity details.

In total, the drives contained personal data for about 29,000 U.S. employees who worked at Facebook in 2018, a spokeswoman confirmed. Facebook has faced several instances in recent years of exposing personal data of the social network's users. However, the stolen drives didn't include Facebook user data, the spokeswoman said.

"We worked with law enforcement as they investigated a recent car break-in and theft of an employee's bag containing company equipment with employee payroll information stored on it," the spokeswoman said in a statement shared with Bloomberg. "We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information."

The break-in happened on Nov. 17, and Facebook realized the hard drives were missing on Nov. 20, according to the internal email. On Nov. 29, a "forensic investigation" confirmed that those hard drives included employee payroll information. Facebook started alerting affected employees on Friday Dec. 13.

The employee who was robbed is a member of Facebook's payroll department, and wasn't supposed to have taken the hard drives outside the office. "We have taken appropriate disciplinary action," the spokeswoman said. "We won't be discussing individual personnel details."

Facebook is still working with law enforcement to recover the information, though none of the hard drives have been found. In an email, Facebook encouraged employees to notify their banks and offered them a two-year subscription to an identity theft monitoring service.

READ MORE:

Copyright 2019 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.