Back to overview
Meta logo
meta.com
Meta
Confidence MediumJun 23, 2026meta.com

Meta Suspends Internal AI Program After Employee Data Leak

PatternExternal actor · Error · Confidentiality impact

Meta suspended its internal AI program, 'Model Capability Initiative' (MCI), after a data leak exposed sensitive employee information. The program, designed to train AI models, recorded mouse movements, clicks, keystrokes, and took screenshots of employee activity. Problems with data storage were reported in May, leading to the suspension and an ongoing investigation. The incident was publicly reported on June 23, 2026.

Signal date
Jun 23, 2026
Updated
Jun 29, 2026
Confidence
Medium
Sources
1 source

Signal context

First seen: Jun 23, 2026

Last updated: Jun 29, 2026

Status: Public signal

Key points

  • Meta suspended its internal AI program, 'Model Capability Initiative' (MCI).
  • Sensitive employee data exposed, including mouse movements, clicks, keystrokes, and screenshots.
  • Program designed to train AI models.

Signal analysis

Beta

It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Meta logo
Meta

Likely country: Location not provided

Threat source
Error activity

The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.

  • Source type: outside the affected organization
  • Source type: possible insider or internal misuse
Business impact
Potential data exposure

Impact area: Confidentiality

Likely asset: User or customer data

Trend context
14 signals with similar action pattern
  • 1 signal in the same sector
  • 88 signals with the same likely impact area
  • 1 signal linked to this organization/domain
Mentioned entities
MetaData DisclosureMeta Suspends Internal AI ProgramModel Capability InitiativeMCIProblemsMetaSensitiveProgram

External sources

Related signals

Grouped by why the signal is relevant.

dialog.org logoDialogJun 27, 2026
Same action patternSame impact area

Peter Thiel's Dialog Society Data Leak Exposes Senior US Officials

A data exposure at Dialog, a private events group co-founded by Peter Thiel, unmasked personal information and login tokens for US and allied national security figures. The incident, which Dialog internally classified as a cyberattack but evidence suggests was a website misconfiguration, exposed private details of 222 registrants for its 2026 retreat, including names, private contact details, active login tokens, and internal ratings.

whise.eu logoWhiseJun 23, 2026
Same action patternSame impact area

Whise.eu (European Real Estate CRM) Data Leak by ChimeraZ

The threat actor ChimeraZ claimed to have leaked a database from Whise, a Belgian CRM system for the real estate sector, on the dark web on June 23, 2026. The leaked data reportedly consists of 40.85 million records, approximately 15.8 GB of JSON files. Whise is a market leader in Belgium and also active in France.

viennaairport.com logoViennaairportJun 23, 2026
Same action patternSame impact area

Vienna Airport Targeted in APT73/Bashe Ransomware Attack

The ransomware group APT73/Bashe claimed responsibility for a cyberattack against Vienna Airport (Flughafen Wien AG) on June 23, 2026, threatening to leak sensitive data. The airport acknowledged a limited leakage of old cargo-related files from one email inbox but denied a broader system compromise.

onemedical.com logoOnemedicalJun 22, 2026
Same action patternSame impact area

ShinyHunters Threatens to Leak 8.8 TB of One Medical Seniors Patient Data by June 22 Deadline

Amazon-owned primary care provider One Medical faced a data extortion threat from the ShinyHunters group, which claimed to have stolen 8.8 terabytes of data from One Medical Seniors (formerly Iora Health) and threatened to leak it by June 22, 2026, if a ransom was not paid. One Medical had previously disclosed a cybersecurity incident on June 17, 2026, involving unauthorized access to a third-party file storage system containing archived patient information for One Medical Seniors. The unauthorized access occurred between June 8 and June 11, 2026. The potentially compromised information includes demographic and clinical records for some patients.

keewah.com logoKeewahJun 22, 2026
Same action patternSame impact area

Kee Wah Bakery Hit by Ransomware Attack, Data Leak Fears Emerge

Hong Kong's famous Kee Wah Bakery revealed on June 22, 2026, that it was hit by a ransomware attack on its internal network. The incident, which caused network malfunctions last Friday (June 19), targeted systems containing employees' personal data, as well as information related to business partners, online store customers, and mobile app members. While the company could not confirm if data was extracted, it has engaged cybersecurity experts, notified the Office of the Privacy Commissioner for Personal Data and police on Sunday (June 21), and is contacting affected parties as a precautionary measure. No customer payment or credit card information was involved.

mckaysugar.com.au logoMckaysugarJun 21, 2026
Same action patternSame impact area

McKay Sugar Cyber Incident by Gentlemen Ransomware Group

McKay Sugar, a major Australian sugar producer, suffered a cyber incident that disrupted operations at its Farley and Racecourse Mills. The Gentlemen ransomware group claimed responsibility for the attack around June 15-16, 2026, on their leak site. Public reporting indicated that McKay Sugar was working to verify what data was stolen or accessed. The ransomware group claimed to have stolen over 26 million records containing PII of customers and other internal data. The incident was discussed in public reporting around June 21, 2026.