The Facebook Insider

Friday the 13th is a day that has long been associated with bad omens. For almost 30,000 Facebook staff, this became a reality on Friday the 13th of December.

Almost 30,000 employee payroll records were stolen. The theft left information security professionals scratching their heads because it was a rather unusual set of circumstances that unfolded.

A Facebook employee who worked in the payroll team decided to take home a hard drive that contained the staff payroll records. The hard drive was then left in that member of staff’s car over the weekend. At some point that weekend the car was allegedly broken into and the hard drive was stolen. To make matters worse, the data on the hard drive had NOT been encrypted, so all that sensitive data was open for anyone to read.

The contents of the hard drive included a wealth of payroll data including:

  • Employee names;
  • Employee bank details;
  • Employee salaries;
  • Bonuses that were awarded;
  • Equity details; and
  • The last 4 digits of their social security numbers.

It is believed that the hard drive was stolen on November 17th, and Facebook claim they became aware of the issue on November 20th, 3 days later. Facebook say they launched a forensic investigation on the 29th and then notified the nearly 30,000 impacted staff members on Friday 13th of December, 24 days after they became aware of it.

Facebook have asserted that when they notified the impacted members of staff they told them to get in contact with their banks and the staff were offered a year of credit monitoring. Thankfully at this stage it doesn’t seem that any staff member suffered any loss and the records don’t seem to have yet been made public. Facebook may have got lucky here.

In a recent statement, Facebook informed the public that the staff member who took the hard drive home had been in breach of strict rules that prohibited data from being taken offsite. The staff member is now facing serious disciplinary action, which Facebook have refused to go into detail on.

This case is suspicious and highlights some common issues with insider threats. Why did that member of staff want to take payroll data home in the first place? Clearly, removing data wasn’t allowed, nor could it have been to complete urgent work at home, because they left the hard drive in the car all weekend. The hard drive was then stolen, but the employee didn’t let Facebook know for 3 days. Assuming that the staff member wasn’t away on holiday, why was a break-in to their car not reported to the police or anyone else immediately?

Cases of employees downloading company data and taking it offsite are increasing in number and severity. Send a reminder out to staff that they are not to take certain types of data home, and if you do allow data to be taken offsite, make sure it is encrypted. Make sure staff know the reasons why you don’t allow these things to happen, and welcome any suggestions they have to enable them to work efficiently.

