Search giant Google has suffered a data breach which compromised the security of its employees, after the company’s staff benefits vendor mistakenly sent an email containing sensitive data to the wrong recipient.
Google has today sent a formal apology to an undisclosed number of affected employees, viewable [PDF] on the Californian Attorney General’s website. The letter notifies of the data breach and advises staff to register for free identity protection checks and credit monitoring for the next two years.
The document explains how the third-party company, which provides Google with benefits management services, sent the personal information to a benefits manager at another firm by accident. The data included staff names and social security numbers, among other sensitive details.
Luckily for Google, the person who received it immediately recognised it as incorrectly directed private information, deleted the contents and notified Google’s vendor of the issue. Google is now conducting further investigation to ‘determine the facts’ and is working with the third-party provider to ensure that a similar incident doesn’t happen again.
“We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted,” Google reassured its employees.
It continued: “The benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document.”
Last month it was reported by the Herald that the UK Ministry of Defence made a similar administrative blunder, accidentally sending a restricted NATO report containing codewords, coordinates, radio frequencies and other critical data on military exercises to local fishing and ferry operators at the end of March.
The Herald cited Scottish National Party defence spokesman Brendan O’Hara:“The careless circulation of this document represents a leak of highly sensitive information. This could compromise the safety and security of the whole exercise. The MoD must investigate this breach and review their communications procedures around exercises as soon as possible.”