"It's clear … that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords," said Alan Eustace, vice president of engineering and research, in a post on Google's blog Friday.
When the breach was first disclosed in May, Google said the information it collected was typically "only fragments," since the cars are on the move when they gathered information.
Google said it wants to delete the data as soon as possible. The company can't delete some of the information until the corresponding investigations are closed, but Google said seven of them have now been concluded.
The company has made changes to strengthen its internal privacy and security practices, including the appointment of a new director of privacy for engineering and product management and the addition of new internal procedures requiring engineering product managers to maintain a privacy-design document that records how user data is handled. Google is also enhancing its privacy training for engineers and other relevant groups within the company.
Google said the incident was caused by a piece of code that sampled all categories of publicly broadcasted Wi-Fi data.
International Business Times, The Global Business News Leader