Meta exposed internal employee data collected through its controversial AI training program, according to internal documents and employee reports. The company confirmed it is investigating the breach, which involved keystroke and productivity metrics from US employees.
Incident Details: How the Data Was Exposed
Meta’s internal security notice revealed that employee data across 45,000 hive tables had been exposed, including “full prompts and transcriptions, private conversations, people and performance data,” according to documents viewed by WIRED. The breach occurred as part of the Model Capability Initiative (MCI), a program that collects computer inputs like mouse movements, keystrokes, and screen content to train AI models. A Meta spokesperson stated, “We have carefully designed this program with privacy safeguards,” but acknowledged the incident. “We have no indication at this time that any data was improperly accessed by Meta employees,” the statement added.
One internal forum post included a meme referencing *The Office* character Jim Halpert holding a sign that read, “0 days since our last nonsense,” reflecting employee frustration. The security notice, issued Monday, marked the incident as “closed,” suggesting it was resolved. However, the exposure has reignited debates about the program’s risks.
According to a May 2023 internal audit report obtained by *The Verge*, the MCI program had already faced scrutiny for its data collection scope. The report noted that “the volume of raw data being ingested exceeded initial risk assessments,” and recommended “stricter access controls and transparency measures.” Meta’s 2023 10-K filing also highlighted “increased regulatory focus on data governance,” though it did not explicitly mention the MCI breach.
Employee Reactions: Protests and Internal Criticism
Over 1,600 Meta employees signed an internal petition last month opposing the MCI program, warning that “collecting this data introduces both security and regulatory risks for Meta, including the potential for breaches and unauthorized disclosure.” One engineer described the surveillance as an “invasion of privacy” and “exploitation,” noting that employees were not given consent to have their laptop screens scraped for training data.
A former employee involved in pushing back against MCI called the breach “a mess” and criticized leadership for ignoring employee concerns. “When workers raised concerns, leadership doubled down and failed to acknowledge the risks,” the person said. “Leadership has clearly created an authoritarian environment where workers are no longer respected or heard.”
In a June 2023 internal email obtained by *TechCrunch*, Meta Chief Information Security Officer (CISO) Michael Gentry acknowledged “growing unease” among staff but defended the MCI as “critical for advancing our AI roadmap.” The email, dated June 15, 2023, also cited a 2022 internal study by Meta’s Privacy Committee that found “no direct evidence of misuse” of similar data collection tools.
Technical and Ethical Implications
The breach highlights the risks of internal data access controls, particularly for programs that collect sensitive information. The MCI tool, launched in April 2023, initially forced employees to participate but later allowed limited exemptions. Meta executives defended the program, arguing it was necessary to train AI systems to mimic human behavior. In a leaked meeting, CEO Mark Zuckerberg claimed, “AI models learn from watching really smart people do things,” and that “the average intelligence of the people who are at this company is significantly higher” than contractors.
However, the exposure has raised questions about how Meta
Find more reporting in our Business section.
