The theft took place on November 17th and Facebook noticed that the drives were missing three days later, according to Bloomberg. The company is said to have determined on November 29th that the hard drives had payroll data on them, and today began informing affected employees.
The data reportedly includes employee names, banking details, salaries, bonus figures, stock information and the last four digits of social security numbers. The drives contained records for US employees who worked at Facebook in 2018, but didn't have any user data on them, a spokesperson confirmed to Engadget. The company is providing identity theft and credit monitoring to affected employees.
Facebook has been working with law enforcement, and while the drives haven't been recovered as yet, it has seen "no evidence of abuse." However, it's possible that the data may end up online somewhere. The employee whose car was broken into wasn't supposed to remove the hard drives from Facebook's office, and the company says it has "taken appropriate disciplinary action."
Here's Facebook's full statement on the matter, via a spokesperson:
"We are working with law enforcement as they investigate a recent car break-in and theft of an employee's bag containing company equipment with employee payroll information stored on it. We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information.
"Out of an abundance of caution, we have notified the current and former employees whose information we believe was stored on the equipment – people who were on our U.S. payroll in 2018 – and are offering them free identity theft and credit monitoring services. This theft impacts current and former Facebook employees only and no Facebook user data was involved."