14 DAY TRIAL // Google has started notifying affected employees of a data breach that occurred when one of the managers of a third-party benefits vendor sent a file containing sensitive information about Google employees to the wrong person.
The search giant has already informed all authorities regarding the accidental sensitive data exposure but has not specified how many employees were affected.
Google will start sending notification letters to all affected employees starting today, May 9, 2016. A copy of the notification letter is available via the Office of Attorney General for the State of California, and embedded at the bottom of this article.
The data was never in the possession of a malintent person
The letter specifies that the incident took place outside of Google's control when the manager of a third-party company that provides Google with unspecified benefits sent a file with data about Google employees to another manager at another benefits vendor.
Since the recipient of the sensitive data knew the implications of the accidental data exposure, he did not attempt to download or share the document, immediately deleted it from his computer, and then notified Google's vendor of the incident.
"We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted," Google wrote in its notification letter. "In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document."
Only names and SSNs were exposed
According to Google, the file in question contained information about the names and Social Security numbers of multiple Google employees. The company specifies that the file did not include any information about employee benefits, nor any information about family members and dependents.
In line with US laws, Google is now providing free identity protection and credit monitoring services for two years for all affected employees.
Two weeks ago, officials of the UK Ministry of Defence had also accidentally sent out an email to the wrong persons. Officials sent a NATO report containing military codes and other military tactics to fishermen and ferry boat operators in the region where military games were taking place. Just as this Google incident, it was all because of the sender of an email did not double-check the recipient's email address.