Theft of unencrypted laptops behind Coca-Cola breach impacting 74,000

Share this article:
Social Security numbers, driver's license numbers and other data was exposed.
Social Security numbers, driver's license numbers and other data was exposed.

Due to a theft of unencrypted laptops at Coca-Cola, around 74,000 current and former employees at the company may be at risk of identity theft or fraud.

Sensitive information that was on the laptops included names and Social Security numbers of around 18,000 individuals, while an additional 56,000 people had personal information, such as driver's license numbers, exposed in the incident.

Other data, like addresses, financial compensation and ethnicity of victims, was also compromised, according to a Friday article in The Wall Street Journal, which broke the story.

According to WSJ, Coca-Cola learned on Dec. 10 that personal data was stored on the laptops, which were eventually recovered by the company.

Ann Moore, a spokeswoman at Coca-Cola told WSJ that the laptops were stolen by a former employee who was responsible for maintaining and disposing of company equipment.

On Friday, the company began sending notification letters to the 74,000 impacted individuals, which include Coca-Cola employees, contractors and suppliers in North America.

According to a memo sent to company employees, which was obtained by WSJ, Coca-Cola waited until Friday to alert employees in order to assess what information was on the recovered laptops.

“To expedite the process, we brought in extra crews that worked long hours, including throughout the holiday period and on weekends, to sort through the data,” the memo said.

Coca-Cola also revealed that the stolen laptops had not been encrypted as they should have been in accordance with company policy.

UPDATE: In a Monday email, Coca-Cola provided a statement on the incident to SCMagazine.com, saying that the company would provide free identity theft protection services to those impacted.

“The Coca-Cola Company has sent notices to about 74,000 North America-based employees, former employees and other third parties informing them that some of their sensitive personal information was contained in documents on [Coca-Cola Refreshments] CCR and former [Coca Cola Enterprises] CCE laptop computers that were stolen from the company," the statement said.

“We have no indication that the information was misused. However, we understand the concerns some people may have and therefore, to demonstrate an abundance of caution, The Coca-Cola Company is offering free identity theft protection services to all affected. We take personal information security very seriously, and we apologize for any inconvenience this may cause."

Share this article:

Sign up to our newsletters

More in News

New backdoor 'Baccamun' spreads through ActiveX exploit

Symantec researchers revealed that the backdoor is dropped after attackers exploit a Windows ActiveX vulnerability.

Outdated browsers put U.K. users at risk of malware

A blog post on Check and Secure website said 70 percent of U.K. users haven't fully updated their internet browsers

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.