Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Coca-Cola Laptop Breach A Common Failure Of Encryption, Security Basics

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 28 Jan 2014 06:25:19 +0000 (UTC)
http://www.crn.com/news/security/240165711/coca-cola-laptop-breach-a-common-failure-of-encryption-security-basics.htm

By Robert Westervelt
CRN.com
January 27, 2014
Coca-Cola is notifying employees, contractors and people associated with its suppliers following a data breach at its Atlanta headquarters that resulted in the theft of laptops and information exposure on at least 74,000 people.
The laptops, which have been recovered, were stolen by a former employee, according to the Wall Street Journal, which first reported the security incident Monday. A Coca-Cola spokesperson did not return repeated requests from CRN for a comment on Monday. Coca-Cola told the newspaper that the laptop was not encrypted and contained the names, Social Security numbers and addresses of the individuals and included other details, such as driver's license numbers, compensation and ethnicity.
The firm said the laptops were stolen by an employee who was assigned to properly dispose of the equipment. The newspaper reported that Coca-Cola is sending out notification letters to 18,000 people whose names and Social Security numbers were found on the laptops as well as 56,000 people who had other personal information potentially exposed.
Coca-Cola said its security policy requires laptop encryption. Lost and stolen laptops containing corporate data is a common occurrence, security experts in the channel told CRN. The latest breach highlights a failure of some basic security policies followed by a lack of security technology that has long been available to enterprises. Laptop encryption and user provisioning policies to remove access privileges from terminated employees may have prevented the issue, they say. Meanwhile, network monitoring may have detected and contained the problem before the data on tens of thousands of people was exposed. 

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
Previous By Date Next
Previous By Thread Next

Current thread: