Google has confirmed that personal data of US employees hired prior to 2006 has been stolen in a recent burglary.
Records kept at Colt Express Outsourcing Services, an external company used by Google and other companies to handle human-resources functions, were stolen in a burglary on 26 May.
An undisclosed number of employees' details and those of dependents, such as names, addresses, and social security numbers, were on the stolen computers. It is understood that Colt did not employ encryption to protect the information.
It is still unclear how many more of Colt Express's clients were affected by the breach. US employees of CNET Networks (publisher of ZDNet.co.uk) were also affected by the burglary, with around 6,500 employees' details stolen.
Although there is no evidence of misuse of the data to date, the information obtained could be used by ID thieves to create fake accounts and identities.
It has only come to light now that Google was one of the companies affected. Google itself was not burgled, nor were any of its internal systems compromised.
Danny Thorpe, former chief scientist at Borland and engineer at Google, who now works for Microsoft, was informed of the theft on 1 July.
"I've just received a letter from Google that personal data of Google employees hired prior to 31 December, 2005, may have been stolen in the 26 May burglary of Colt Express Outsourcing Services. No credit-card numbers were in the stolen data, just names, addresses, [social-security numbers]; all the info needed for a thief to open new accounts using your identity," said Thorpe.
According to Thorpe, Google has offered to cover the cost of a one-year subscription to a credit report and identity-theft monitoring service. Similar benefits were offered to CNET Networks employees last week.
ITworld.com reported last week that Colt Express was in financial difficulty and could not help those affected. The company's chief executive, Samuel Colt III, said in a statement: "We do not have the resources, financial and otherwise, to assist you further."
A Google spokesperson confirmed that Google is offering all affected employees and former employees a free, one-year credit-monitoring service.
"We take the security of our employees very seriously and require outside vendors to meet appropriate security standards. We review and update these standards on an on-going basis," the spokesperson said.
"Google is not currently using Colt's services and had made this decision long before this incident," the spokesperson said.