Theft of unencrypted laptops behind Coca-Cola breach impacting 74,000

Share this article:
Social Security numbers, driver's license numbers and other data was exposed.
Social Security numbers, driver's license numbers and other data was exposed.

Due to a theft of unencrypted laptops at Coca-Cola, around 74,000 current and former employees at the company may be at risk of identity theft or fraud.

Sensitive information that was on the laptops included names and Social Security numbers of around 18,000 individuals, while an additional 56,000 people had personal information, such as driver's license numbers, exposed in the incident.

Other data, like addresses, financial compensation and ethnicity of victims, was also compromised, according to a Friday article in The Wall Street Journal, which broke the story.

According to WSJ, Coca-Cola learned on Dec. 10 that personal data was stored on the laptops, which were eventually recovered by the company.

Ann Moore, a spokeswoman at Coca-Cola told WSJ that the laptops were stolen by a former employee who was responsible for maintaining and disposing of company equipment.

On Friday, the company began sending notification letters to the 74,000 impacted individuals, which include Coca-Cola employees, contractors and suppliers in North America.

According to a memo sent to company employees, which was obtained by WSJ, Coca-Cola waited until Friday to alert employees in order to assess what information was on the recovered laptops.

“To expedite the process, we brought in extra crews that worked long hours, including throughout the holiday period and on weekends, to sort through the data,” the memo said.

Coca-Cola also revealed that the stolen laptops had not been encrypted as they should have been in accordance with company policy.

UPDATE: In a Monday email, Coca-Cola provided a statement on the incident to SCMagazine.com, saying that the company would provide free identity theft protection services to those impacted.

“The Coca-Cola Company has sent notices to about 74,000 North America-based employees, former employees and other third parties informing them that some of their sensitive personal information was contained in documents on [Coca-Cola Refreshments] CCR and former [Coca Cola Enterprises] CCE laptop computers that were stolen from the company," the statement said.

“We have no indication that the information was misused. However, we understand the concerns some people may have and therefore, to demonstrate an abundance of caution, The Coca-Cola Company is offering free identity theft protection services to all affected. We take personal information security very seriously, and we apologize for any inconvenience this may cause."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.