Theft of unencrypted laptops behind Coca-Cola breach impacting 74,000

Share this article:
Social Security numbers, driver's license numbers and other data was exposed.
Social Security numbers, driver's license numbers and other data was exposed.

Due to a theft of unencrypted laptops at Coca-Cola, around 74,000 current and former employees at the company may be at risk of identity theft or fraud.

Sensitive information that was on the laptops included names and Social Security numbers of around 18,000 individuals, while an additional 56,000 people had personal information, such as driver's license numbers, exposed in the incident.

Other data, like addresses, financial compensation and ethnicity of victims, was also compromised, according to a Friday article in The Wall Street Journal, which broke the story.

According to WSJ, Coca-Cola learned on Dec. 10 that personal data was stored on the laptops, which were eventually recovered by the company.

Ann Moore, a spokeswoman at Coca-Cola told WSJ that the laptops were stolen by a former employee who was responsible for maintaining and disposing of company equipment.

On Friday, the company began sending notification letters to the 74,000 impacted individuals, which include Coca-Cola employees, contractors and suppliers in North America.

According to a memo sent to company employees, which was obtained by WSJ, Coca-Cola waited until Friday to alert employees in order to assess what information was on the recovered laptops.

“To expedite the process, we brought in extra crews that worked long hours, including throughout the holiday period and on weekends, to sort through the data,” the memo said.

Coca-Cola also revealed that the stolen laptops had not been encrypted as they should have been in accordance with company policy.

UPDATE: In a Monday email, Coca-Cola provided a statement on the incident to SCMagazine.com, saying that the company would provide free identity theft protection services to those impacted.

“The Coca-Cola Company has sent notices to about 74,000 North America-based employees, former employees and other third parties informing them that some of their sensitive personal information was contained in documents on [Coca-Cola Refreshments] CCR and former [Coca Cola Enterprises] CCE laptop computers that were stolen from the company," the statement said.

“We have no indication that the information was misused. However, we understand the concerns some people may have and therefore, to demonstrate an abundance of caution, The Coca-Cola Company is offering free identity theft protection services to all affected. We take personal information security very seriously, and we apologize for any inconvenience this may cause."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

EPIC files complaint with FTC against Maricopa

The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."

RSA fraud report examines August phishing trends

Phishing is down 22 percent from July to August, but U.S. banks experienced an increase in phishing volume.

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.