Hard drive leak reveals salary data of 29,000 Facebook employees.

M.Sc. Chris Wojzechowski

Hard drive leak reveals salary data of 29,000 Facebook employees.

Another data protection scandal, in the form of a hard drive leak, is shaking the Facebook Group. Salary data is confidential information that you do not want to know in public. But this is what is happening now at the social media group Facebook. But nothing has been hacked. The information lay unencrypted on hard drives of an employee who had been stolen from her car.

Sensitive information on unencrypted hard disks.

In addition to the salary data, the names of those affected were also attached, as were the last four digits of the social security number and information on remuneration. Who has the data, possesses thus also information about the participation of coworkers innen in the enterprise. Any surcharges are also included in the list. A Facebook spokeswoman confirms that the incident is now being investigated.

It is not surprising that the employee was not authorized to take the hard disks with her. It is cases like these that show how valuable hard disk encryption can be. But also the fast reporting is decisive for preventive measures. A period of three days is too long, from theft to reporting.

employees inside Facebook were only informed after three weeks.

take precautions, inform the Bank and take other preventive measures – actions that are often only considered when the case arises. But if you have no idea about the theft of data, why take action? Meanwhile, the employees have been informed on Facebook. However, only three weeks after the lack of the hard disks – which have not reappeared yet.

Only employees in Facebook are affected by this case. The data of users are not affected. This error has disciplinary consequences for the responsible person – the Facebook spokesperson also confirms this.

Hard drive leak would have been only a material damage due to the encryption

Even if the use of encrypted hard disks entails additional costs and effort: Cases like these show that it can be worthwhile to accept this. They are not always the spectacular break-ins – digital and real. Sometimes it is the theft from the car that affects 29,000 people.

Photo of author

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I studied my Master in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV) and possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.