Google has been breached! Did we catch your attention? Any news concerning Google and a data breach is worth your full attention. It proves that no company is invincible, Google included. So, what exactly happened?
Human Error Leads to a Data Breach Incident at Google
The following case is an example of a human error and illustrates how bad the consequences can be. A data incident has occurred when a manager of a third-party benefits vendor (of Google) sent a file with sensitive information about employees of Google, to a wrong recipient.
Google has already notified the authorities about the unintended data jeopardy. However, the exact number of exposed employees hasn’t been made public.
On May 9 (today) Google is supposed to start sending notification letters to compromised employees. The letter is titled “Notice of Data Breach”. Here is an excerpt of it:
Google’s Notice of Data Breach
I am writing to follow up on an email we recently sent you about an issue that involves your personal information. The details of the issue are below.
We recently learned that a third-party vendor that provides Google with benefits management services mistakenly sent a document containing certain personal information of some of our Googlers to a benefits manager at another company. Promptly upon viewing the document, the benefits manager deleted it and notified Google’s vendor of the issue. After the vendor informed us of the issue, we conducted an investigation to determine the facts.
What Information Was Involved?
The personal information contained in the document included your name and Social Security number. No other information about you or your Google benefits was contained in the document and it did not contain information about your dependents or family members. We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted. In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document.
What We Are Doing
We regret that this incident occurred, and are working with the vendor to help ensure that this type of issue does not happen again.
The letter has been signed by Teri Wisness, Director of U.S. Benefits at Google. Have a look at the whole Data Breach letter in PDF.
Luckily, only names and social security numbers have been exposed. The data hasn’t been abused in any way, since it hasn’t been obtained by a malicious actor. In addition, in compliance with the US laws, Google is now serving free identity protection and credit monitoring services to all affected employees for two years.