Meta Reveals Internal Data from Its Contentious Employee Monitoring Initiative

Meta left potentially sensitive information gathered from employee laptops accessible to anyone within the company, according to an internal security notice reviewed by WIRED and confirmed by three current employees acquainted with the matter.

The data collected as part of a controversial project to train artificial intelligence models is believed to encompass keystrokes, mouse clicks, and the content shown on the screens of Meta’s US employees.

Initially, Meta spokesperson Tracy Clayton confirmed to WIRED that the company is probing the security issue. As this story was being finalized, he noted that Meta is halting the data collection program indefinitely. “We have designed this program with privacy precautions, and while we currently have no evidence that any data was improperly accessed by Meta employees, we’re pausing it during our investigation,” Clayton stated.

A security notice distributed on Monday indicated that “employee data across 45,000 hive tables” had been compromised. These tables included employee activities such as “full prompts and transcriptions, private conversations, as well as personal and performance data,” according to documents obtained by WIRED.

Some Meta employees swiftly highlighted the security lapse, expressing in internal forums that it confirmed concerns they had raised when the company began monitoring corporate laptops in April as part of the Model Capability Initiative.

Discussions about the incident on internal forums included inquiries regarding how Meta’s privacy assessments failed to avert the breach and whether everyone whose data was potentially compromised would be invited to a meeting addressing what went awry, as noted in posts seen by WIRED.

In an internal forum, where staff often share humor, an employee shared a meme from The Office featuring the character Jim Halpert holding a sign that reads, “0 days since our last nonsense.”

Sources at Meta, who were not authorized to speak publicly, informed WIRED that the incident has since been labeled as closed, suggesting it was likely addressed.

In a Monday internal post responding to employee queries, Andrew Bosworth, Meta’s chief technology officer, acknowledged that the execution of the tracking program had not met the standards established in its privacy review, and that insights from the incident would be disseminated. “We encountered misconfigured ACLs [access control lists] and need to comprehend how that occurred, track every data access, and understand it,” Bosworth wrote.

A couple of months ago, Bosworth reassured employees worried about possible data leaks that the tracking program is “rigorously controlled” and utilizes the same protective standards, storage systems, and access controls as other sensitive datasets, according to internal communications reviewed by WIRED.

Last month, over 1,600 employees at the tech titan signed an internal petition opposing the laptop surveillance initiative, cautioning that “gathering this data introduces both security and regulatory risks for Meta, including the possibility of breaches and unauthorized disclosures.” The petitioners also voiced concerns over what they perceived as insufficient safeguards instituted by Meta. One engineer conveyed a widely shared internal message asserting that having their laptop screen scraped for training data without consent felt like an invasion of privacy and amounted to exploitation.

Meta executives have previously defended the data-collection project, asserting its necessity for training AI systems to use software as humans do. In audio from a company meeting leaked last month, Mark Zuckerberg, Meta’s CEO, told employees that “AI models learn from observing really smart people doing things,” and noted that the “average intelligence of the people at this company is significantly higher” than that of average contractors who could be hired specifically for such data production.