Careless staff member falls victim to trivial scam

Feb 29, 2016 15:57 GMT

Snapchat has announced it was the victim of a data breach during which unknown attackers stole the payroll information of some of its employees.

The incident took place on Friday, February 26, but was only announced yesterday, after the company finished its investigation.

According to Snapchat's security team, a staff member from its payroll department fell for a spear-phishing email sent by an attacker posing as the company's CEO.

The scammer urgently asked for employee payroll information, and the careless staffer failed to notice that the email had not been sent from his boss's real email address.

The staffer responded, attaching payroll information for current and former Snapchat employees.

As soon as the scam was detected, four hours after the email was sent, Snapchat's team started an internal investigation, notified the FBI, and also contacted all affected employees.

Unknown number of affected employees

The company was not specific about what "payroll information" included, but generally, companies keep employee information, such as salary details, social security numbers, bank details, home addresses, emails, and even personal IDs, in the payroll database.

Snapchat has not said how many employees were affected, but it has announced that it will offer two years of free identity-theft insurance and monitoring to all affected employees.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," the Snapchat team writes on their blog. "To make good on that last point, we will redouble our already rigorous training programs around privacy and security in the coming weeks."

Despite their best efforts, most companies fail to set up proper defensive measures against data breaches. In the past year alone, companies around the world suffered 1,673 data breaches and lost over 707 million records.