Coca-Cola Experiences a Data Breach After An Employee Steals Laptops.
Coca-Cola has admitted to a data breach after an employee stole dozens of laptops over the course of six years. The stolen laptops went unnoticed and contained the sensitive data of 74,000 individuals.
The employee stole a total of 55 laptops from Coca-Cola’s Atlanta offices; some of the laptops belonged to a bottling company acquired by Coca-Cola in 2010. The unnamed former employee was in charge of equipment disposal.
Do you know what happens to your computer devices after disposal?
If they fall into the wrong hands, you too could experience a data breach.
“Organizations need to be sure they have a firm grasp on their data, know where and when it has been copied or transferred, and ensure that techniques such as encryption are in place in case it falls into the wrong hands,” explained Chris McIntosh, CEO of security firm ViaSat UK.
Unencrypted Data And Lack of Proper Supervision Caused The Breach.
Coca-Cola didn’t realize the laptops contained personal information until they were recovered in November and December 2013. In total, the laptops contained 18,000 personal records with social security numbers, plus 56,000 records with other types of sensitive data. The affected individuals will be contacted as soon as possible.
Coca-Cola failed to encrypt the records although the company’s security policy claims encryption is necessary. When trying to explain the delay between the discovery in December and their announcement of the breach on January 24th, Coca Cola stated:
“To expedite the process, we brought in extra crews that worked long hours, including throughout the holiday period and on weekends.”
Coca-Cola had a security policy in place however they failed to adhere to the policy. A laptop security policy must be implemented and enforced on employees to ensure sensitive information remains confidential.
Enforce and Adhere To These Laptop Security Policies To Prevent Disclosure of Sensitive Information:
- Ensure you control the way confidential data is accessed, stored, and transferred.
- Perform ongoing risk assessments to identify security threats.
- Hold employee-training sessions to define security measures and penalties for employee noncompliance.
- Encrypt technologies to secure confidential data stored on laptops.
- Employ physical security measures including biometric finger scanners to provide an extra layer of security.
- Wipe data from laptops and computer devices prior to recycling or disposing of them.
- Deploy response and recovery procedures to determine the severity of a potential data breach.
A proper laptop security policy must be tailored to meet the unique needs of your business. It’s critical to review and improve your laptop security policy on a regular basis and include provisions for both company-owned and personal laptops.
To learn more about Coca-Cola’s data breach and how to protect your laptops in the event of loss or theft, give us a call at (408) 849-4441 or send us an email at info@veltecnetworks.com. Veltec Networks can help you protect confidential information stored on your laptops.