Meta is investigating a security issue in which employee data collected as part of a program to train artificial intelligence models was exposed internally. The data, which Meta is believed to have collected from US employees' corporate laptops, includes keystrokes, mouseclicks, and content displayed on their computer screens. A security notice sent out Monday indicated that employee data across 45,000 hive tables had been exposed, including full prompts and transcriptions, private conversations, and people and performance data.
Meta spokesperson Tracy Clayton confirmed the company is investigating the issue and said Meta is pausing the data collection program indefinitely. "We have carefully designed this program with privacy safeguards and while we have no indication at this time that any data was improperly accessed by Meta employees, we're pausing it while we investigate," Clayton said. The program, known as the Model Capability Initiative, began in April and has been divisive internally.
Andrew Bosworth, Meta's chief technology officer, acknowledged in an internal post that the tracking program's implementation fell short of the standards outlined in its privacy review, citing misconfigured access control lists. "Here we had misconfigured ACLs [access control lists] and we need to understand how that happened, track down every data access and understand it," Bosworth wrote. Sources at Meta told WIRED the incident has been marked as closed, meaning it was likely resolved. Some employees used internal forums to criticize how the privacy reviews failed to prevent the breach.