Google employees' personal details were leaked by a third-party company who handles the search giant's benefit management. Someone working at the vendor accidentally breached the information when they sent a file containing data about Google employees to a manager at another company. Google has notified all its affected employees.
Google hit by insider data breach
The letter was sent by a manager at a vendor responsible for providing Google with unspecified benefits. Thanks to recipient's quick thinking about the implications, she neither downloaded or shared the document. Notifying Google immediately, the manager who was mistakenly sent the personal data of an unknown number of Google employees also deleted the file from her computer, knowing the implications of an accidental data exposure.
We recently learned that a third-party vendor that provides Google with benefits management services mistakenly sent a document containing certain personal information of some of our Googlers to a benefits manager at another company. Promptly upon viewing the document, the benefits manager deleted it and notified Google’s vendor of the issue. After the vendor informed us of the issue, we conducted an investigation to determine the facts.
Google claims that the file containing personal information of its employees only had the names and social security numbers of the employees. The company has specified that credit card information, employee benefits, or any other information wasn't included in the leaked document.
The search giant started sending notification letters to affected employees earlier this week, a copy of which is shared below. Google has also informed the authorities of this incident, however, the number of affected employees is unknown.
We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted. In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document. - Google wrote in the notification letter to its employees.
While Google confirms that the data wasn't accessed by any other individuals, following the US laws it is providing free identity protection and credit monitoring services to all the affected employees for two years.
A copy of the notification letter is available on the website of the Office of Attorney General for the State of California (via Softpedia).