BreachExchange mailing list archives

Coca-Cola: Stolen Laptops Had Personal Information of 74,000


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 24 Jan 2014 15:41:35 -0700

http://online.wsj.com/news/articles/SB10001424052702304632204579341022959922200?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304632204579341022959922200.html

Coca-Cola Co. (KO -1.02%) said Friday that company laptop computers stolen
from its Atlanta headquarters contained the personal information of as many
as 74,000 people.

The beverage giant sent a memo to its U.S. and Canadian employees alerting
them to the security breach. The company has since recovered the laptops,
which weren't encrypted, and notified law enforcement about the theft. Coke
said it has "no indication" the information had been misused.

Coke said it is sending letters to about 18,000 individuals whose names and
Social Security numbers were found on the laptops. It also is notifying
another 56,000 individuals with other sensitive personal information,
primarily driver's license numbers, on the laptops.

A Coke spokeswoman said the security breach included personal information
of about 4,500 individuals who aren't current or former employees. The
affected individuals were company contractors or vendors, she said.

Credit-card information for fewer than 10 individuals was on the stolen
laptops, according to the spokeswoman, Ann Moore.

But the laptops did contain other personal information such as individuals'
financial compensation, ethnicity and address. Coke has about 68,000
employees in the U.S. and 6,500 in Canada. Individuals outside North
America weren't affected, according to the company.

The spokeswoman said the laptops were stolen by a former employee who had
been assigned to maintain or dispose of equipment. The company learned Dec.
10 that personal information was stored on the laptops after recovering
them.

The laptops belonged to employees who maintained such information for human
resources. The laptops were turned over to the former employee to dispose
of them or recycle them, which didn't happen, according to the spokeswoman.

Coke informed local law-enforcement authorities, but there had been no
arrest as of Friday, according to the spokeswoman.

Coke said company policy requires laptops to be encrypted, but the stolen
computers hadn't yet been encrypted.

Coke said it waited to inform employees until Friday because it had to go
through the contents of the recovered laptops.

"To expedite the process, we brought in extra crews that worked long hours,
including throughout the holiday period and on weekends, to sort through
the data," it wrote in its memo to employees. The company said Friday's
letters were sent within the legally required time frame for notification.

The company apologized and said it is offering one year of identity-theft
protection services to all North American employees at no cost.

Coke is the world's largest beverage company. Its products include Minute
Maid fruit juices, Powerade sports drinks, Dasani Water and sodas such as
Coca-Cola and Sprite.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss