Hard drive leak reveals salary data of 29,000 Facebook employees.

Hard drive leak reveals salary data of 29,000 Facebook employees.

Another data protection scandal, in the form of a hard drive leak, is shaking the Facebook Group. Salary data is confidential information that you do not want to know in public. But this is what is happening now at the social media group Facebook. But nothing has been hacked. The information lay unencrypted on hard drives of an employee who had been stolen from her car.

Sensitive information on unencrypted hard disks.

In addition to the salary data, the names of those affected were also attached, as were the last four digits of the social security number and information on remuneration. Who has the data, possesses thus also information about the participation of coworkers innen in the enterprise. Any surcharges are also included in the list. A Facebook spokeswoman confirms that the incident is now being investigated.

It is not surprising that the employee was not authorized to take the hard disks with her. It is cases like these that show how valuable hard disk encryption can be. But also the fast reporting is decisive for preventive measures. A period of three days is too long, from theft to reporting.

employees inside Facebook were only informed after three weeks.

take precautions, inform the Bank and take other preventive measures – actions that are often only considered when the case arises. But if you have no idea about the theft of data, why take action? Meanwhile, the employees have been informed on Facebook. However, only three weeks after the lack of the hard disks – which have not reappeared yet.

Only employees in Facebook are affected by this case. The data of users are not affected. This error has disciplinary consequences for the responsible person – the Facebook spokesperson also confirms this.

Hard drive leak would have been only a material damage due to the encryption

Even if the use of encrypted hard disks entails additional costs and effort: Cases like these show that it can be worthwhile to accept this. They are not always the spectacular break-ins – digital and real. Sometimes it is the theft from the car that affects 29,000 people.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.