Image source: https://hackaday.com/2018/10/18/ask-hackaday-why-arent-we-hacking-cellphones/
When someone tells us they were robbed, we usually imagine they got their wallet, phone, or even car stolen. In this case, yes, a car was broken into. Though, this burglar did not cause the loss of just one person’s belongings, but instead, 29,000 Facebook employees.
The robber used their conniving little hands to steal a Facebook payroll employee’s unencrypted hard drive, via car break-in. On this hard drive contains thousands of Facebook employees’ personal information that’ve been hired since 2018, including their “bank account numbers, employee names, the last four digits of their social security numbers, their salaries, bonuses, and equity details” (Lee, 2019).
Image source: https://towardsdatascience.com/detecting-personal-data-within-api-communication-using-deep-learning-9e52a1ff09c6
Despite the hard drive’s absence of Facebook user data (lucky for us), this still raised the question as to how safe is this company keeping our private information? We’re not so hopeful, based on previous privacy scandals (it even took them over a month to alert employees of this incident in particular).
In order to alleviate concern, Facebook is offering its affected employees a 2-year subscription to an identity theft protection service. Though, we are still left in the dark about are few things. 1) What is the robbers’ intention for stealing the hard drives? 2) Why was this hard drive in an employee’s car in the first place? and 3) Why was the hard drive unencrypted?
Facebook claims we have nothing to worry about but considering their history of carelessness with their users’ private information, I believe alarm is warranted. This story reminded me that any of us who use the internet have much more at stake than just what we carry on our person. Maybe we should practice the same diligent protection we have over our private information as we do with our phone and wallet.
Source material: https://www.theverge.com/2019/12/13/21020736/facebook-theft-unencrypted-drives-employee-payroll-security