‘Some of our Googlers’ hit by Social Security number breach at Google

Security is only as good as its weakest link. And Google, one of the world’s largest and most far-reaching companies, has a lot of links.

The tech titan on Monday notified California’s Attorney General that the names and Social Security numbers of an undisclosed number of employees were accidentally leaked. The firm provided the AG’s office with the letter it sent Monday to affected workers.

“We recently learned that a third-party vendor that provides Google with benefits management services mistakenly sent a document containing certain personal information of some of our Googlers to a benefits manager at another company,” the letter said. “Promptly upon viewing the document, the benefits manager deleted it and notified Google’s vendor of the issue.”

SiliconBeat asked Google to explain the timeline, as the breach occurred March 29, according to the AG’s office, and the notification letter wasn’t issued for more than a month. Google declined to comment. However, such breaches are typically investigated before any notifications are issued – the federal government, for example, found out in April 2015 that hackers had breached the Office of Personnel Management database, potentially compromising personal data of some 4 million current and former U.S. government employees, but didn’t reveal the intrusion until June.

A Google investigation, according to the letter, found no evidence that any of the escaped data was misused. “Computer access logs indicate that no other individuals viewed your information before it was deleted,” the letter said. “In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document.”

Google offered affected employees two years of free identity protection and credit monitoring, and noted that federal law allows citizens to obtain one free credit report per year.

Meanwhile, in events not related to the breach of Googlers’ information, reports of a massive data theft that purportedly put 272 million emails and passwords, including many from Gmail, Yahoo and Microsoft, into the Russian underworld were overblown, Vice’s Motherboard reported. “There’s actually no reason to freak out whatsoever,” Motherboard reported. The data likely came from older breaches, the news outlet said. “Would-be hackers routinely put lists like these together to sell them to other hackers or spammers and make a quick buck,” the article said.

There were nearly 24 million Gmail credentials within the data, but according to Motherboard, Google analyzed a portion of the data and found that “the overwhelmingly vast majority” involved non-functioning addresses.

“More than 98 percent of the Google account credentials in this research turned out to be bogus,” a Google spokesperson told Motherboard. “As we always do in this type of situation, we increased the level of login protection for users that may have been affected.”


Photo: Google’s data center in Council Bluffs, Iowa. (AP/Google, Connie Zhou)


Tags: , , , , , , ,


Share this Post

  • EllaFino

    So basically it wasn’t a breach like the headline stated but a mistake by an employee.

  • papakurt

    Lots of links, and some obviously are not as strong as they should be. Exactly why I leave a very small electronic footprint on the web. No Google, Facebook, Twitter, LinkIn, or any other social media. That’s just asking for trouble.