top of page

SAP employee finds stolen SSD with personal data on eBay

Updated: Jan 5

An eBay listing uncovers a stolen SAP SSD containing the personal information of employees, raising concerns about data security.

Credits: Rafael Henrique/SOPA Images/LightRocket via Getty Image

Sketchy deals on online marketplaces like eBay are a common occurrence. Counterfeit, stolen, broken, or falsely advertised items sold by third parties are no surprise. However, stumbling upon a stolen possession can be shocking, as one SAP employee recently discovered.

According to a report from The Register, an employee at the software giant SAP found an SSD for sale on eBay that was one of four recently stolen from SAP data centres in Germany's Baden-Württemberg. The unnamed sources close to the incident revealed that the device contained the personal records of dozens of workers.

The Register stated, "One of the disks later turned up on eBay and was bought by an SAP employee. They were able to identify that it belonged to SAP. The disk contained personal records of 100 or more SAP employees."

Allegedly, the data centres housing the stolen SSDs lacked sufficient physical checks, enabling someone to relocate the devices from a secure location to a less secure building within the campus, as per The Register's sources.

SAP is presently investigating the matter and has yet to locate the other three stolen SSDs. According to The Register, SAP European data centres have experienced five burglaries in the past two years.

When Ars Technica reached out to SAP regarding the report, the company provided the following statement, which was also shared with The Register:

"SAP takes data security very seriously. Please understand that while we don’t comment on internal investigations, we can confirm we currently have no evidence suggesting that confidential customer data or PII (personally identifiable information) has been taken from the company via these disks or otherwise."

The circumstances surrounding how the employee identified the storage device on eBay, determined it belonged to SAP, and validated this information remain unclear. It is possible that the employee, who may have been actively searching for the stolen property, came across the listing fortuitously.

  • An SAP employee discovered a stolen SSD from SAP data centres listed on eBay, containing the personal information of numerous employees.

  • The lack of physical checks in the data centres allowed the theft and relocation of the devices.

  • SAP is investigating the incident, with three stolen SSDs still missing.

Source: arstechnica

As technology advances and has a greater impact on our lives than ever before, being informed is the only way to keep up.  Through our product reviews and news articles, we want to be able to aid our readers in doing so. All of our reviews are carefully written, offer unique insights and critiques, and provide trustworthy recommendations. Our news stories are sourced from trustworthy sources, fact-checked by our team, and presented with the help of AI to make them easier to comprehend for our readers. If you notice any errors in our product reviews or news stories, please email us at  Your input will be important in ensuring that our articles are accurate for all of our readers.

bottom of page