BreachExchange mailing list archives
Coca-Cola: Stolen Laptops Had Personal Information of 74, 000
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 24 Jan 2014 15:41:35 -0700
http://online.wsj.com/news/articles/SB10001424052702304632204579341022959922200?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304632204579341022959922200.html Coca-Cola Co. (KO -1.02%) said Friday that company laptop computers stolen from its Atlanta headquarters contained the personal information of as many as 74,000 people. The beverage giant sent a memo to its U.S. and Canadian employees alerting them to the security breach. The company has since recovered the laptops, which weren't encrypted, and notified law enforcement about the theft. Coke said it has "no indication" the information had been misused. Coke said it is sending letters to about 18,000 individuals whose names and Social Security numbers were found on the laptops. It also is notifying another 56,000 individuals with other sensitive personal information, primarily driver's license numbers, on the laptops. A Coke spokeswoman said the security breach included personal information of about 4,500 individuals who aren't current or former employees. The affected individuals were company contractors or vendors, she said. Credit-card information for fewer than 10 individuals was on the stolen laptops, according to the spokeswoman, Ann Moore. But the laptops did contain other personal information such as individuals' financial compensation, ethnicity and address. Coke has about 68,000 employees in the U.S. and 6,500 in Canada. Individuals outside North America weren't affected, according to the company. The spokeswoman said the laptops were stolen by a former employee who had been assigned to maintain or dispose of equipment. The company learned Dec. 10 that personal information was stored on the laptops after recovering them. The laptops belonged to employees who maintained such information for human resources. The laptops were turned over to the former employee to dispose them or recycle them, which didn't happen, according to the spokeswoman. Coke informed local law-enforcement authorities, but there had been no arrest as of Friday, according to the spokeswoman. Coke said company policy requires laptops to be encrypted, but the stolen computers hadn't yet been encrypted. Coke said it waited to inform employees until Friday because it had to go through the contents of the recovered laptops. "To expedite the process, we brought in extra crews that worked long hours, including throughout the holiday period and on weekends, to sort through the data,'' it wrote in its memo to employees. The company said Friday's letters were sent within the legally required time frame for notification. The company apologized and said it is offering one year of identity-theft protection services to all North American employees at no cost. Coke is the world's largest beverage company. Its products include Minute Maid fruit juices, Powerade sports drinks, Dasani Water and sodas such as Coca-Cola and Sprite.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Coca-Cola: Stolen Laptops Had Personal Information of 74, 000 Audrey McNeil (Jan 29)