Google notified employees of a data breach that occurred when one of the managers of a third-party benefits vendor sent a file containing sensitive information about Google employees to the wrong person.
Google already informed all authorities regarding the accidental sensitive data exposure but has not specified how many employees suffered from the issue.
Google started sending notification letters to all affected employees Monday. A copy of the notification letter is available via the Office of Attorney General for the State of California.
The letter specifies the incident took place outside of Google’s control when the manager of a third-party company that provides Google with unspecified benefits sent a file with data about Google employees to another manager at another benefits vendor.
Since the recipient of the sensitive data knew the implications of the accidental data exposure, he did not attempt to download or share the document, immediately deleted it from his computer, and then notified Google’s vendor of the incident.
“We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted,” Google wrote in its notification letter. “In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document.”
Google said the file in question contained information about the names and Social Security numbers of multiple Google employees. The company specifies the file did not include any information about employee benefits, nor any information about family members and dependents.
The search giant is providing free identity protection and credit monitoring services for two years for all affected employees.