Google notifies employees of breach by vendor
Even Google has breaches that need to be reported. From a notification letter to Googlers that will be going out on May 9th:
I am writing to follow up on an email we recently sent you about an issue that involves your personal information. The details of the issue are below.
We recently learned that a third-party vendor that provides Google with benefits management services mistakenly sent a document containing certain personal information of some of our Googlers to a benefits manager at another company. Promptly upon viewing the document, the benefits manager deleted it and notified Google’s vendor of the issue. After the vendor informed us of the issue, we conducted an investigation to determine the facts.
What Information Was Involved?
The personal information contained in the document included your name and Social Security number. No other information about you or your Google benefits was contained in the document and it did not contain information about your dependents or family members. We have no evidence that any of your information has been misused as a result of this incident, and computer access logs indicate that no other individuals viewed your information before it was deleted. In addition, the benefits manager has confirmed that she did not save, download, disclose or otherwise use the information contained in the document.