A car break-in resulted in Facebook's most recent data breach, which affected around 29,000 current and former employees and compromised their payroll data.
Last Friday, Facebook alerted affected employees of a data breach that occurred in November. A thief broke into an employee’s car and stole a bag containing unencrypted hard drives with employee payroll information. Banking data for around 29,000 current and former employees, a majority of whom had joined the company in 2018, was compromised. Data stolen included employee names, bank account numbers, and last four digits of social security numbers, as well as compensation information such as salaries, bonuses, and equity details. The hard drives did not contain Facebook user data.
According to Facebook, the hard drives should never have been out of the office and they have taken appropriate disciplinary actions against the employee responsible. Unfortunately none of the hard drives have been recovered, though in a statement to Bloomberg, Facebook said that they didn’t find any evidence of data abuse and has offered its employees a two-year subscription to an identity theft monitoring service. The company has also encouraged employees to notify their banks and open up new accounts.
While you can’t always prevent your or your employees’ cars from getting broken into, you can encrypt your hard drives and provide a robust employee training program and clear security policies (including accessible use policies that dictate the control of physical devices and approved device storage locations). Security policies should be easy-to-read, reviewed on a regular basis, and signed off on by employees.
Security training should cover essential cybersecurity topics such as phishing, cloud security, and password security as well as physical security. Physical security courses should detail how and what physical security measures are required to protect data and information systems.
If all else fails, cyber insurance can serve as your safety net and help you with forensic and investigation expenses, cover your customer and employee data loss, and more depending on your insurance coverage areas. Check out Zeguro’s cyber insurance coverages here.