Google has suffered an embarrassing insider data breach after an employee at a third-party vendor mistakenly sent personal information on an unspecified number of Mountain View employees to another company.
Google’s director of US benefits, Teri Wisness, was forced to write to the affected employees on Monday.
She explained the following:
“We recently learned that a third-party vendor that provides Google with benefits management services mistakenly sent a document containing certain personal information of some of our Googlers to a benefits manager at another company. Promptly upon viewing the document, the benefits manager deleted it and notified Google’s vendor of the issue. After the vendor informed us of the issue, we conducted an investigation to determine the facts.”
The personal details exposed apparently included Social Security numbers and names, but no details on benefits or family members.
“We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted,” Wisness continued.
“In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document.”
As a precaution, Google is offering the affected employees two-year’s worth of free credit monitoring.
Barry Scott, EMEA CTO at identity management firm Centrify, argued that the breach highlights the risks posed by third parties – even for a firm as well-resourced as Google.
“Dealing with third parties is an inevitability of modern day business, and so too is the risk of a data breach. Unfortunately, the two often go hand in hand,” he added.
“Businesses must incorporate an additional layer of defense in order to protect sensitive corporate data from the threats posed by potentially less security-minded third parties, and safeguard against the risks they face should hackers find a loophole in existing security processes."