One of Coca-Cola’s most recent slogans has been “Life begins here.” A more appropriate slogan might be “Life begins—wait, where are all of our laptops?” The carbonated sugar drink giant has admitted that 55 laptops were removed from the company’s Atlanta offices over a six-year period, resulting in the (presumed firing) of an unnamed former worker who was in charge of “equipment disposal.”
Among the data contained in the 55 laptops were 18,000 person records, including social security numbers and 56,000 other types of sensitive data. Even though Coca-Colas has an encryption security policy, none of these records were encrypted, according to a memo seen by the Wall Street Journal.
“To expedite the process, we brought in extra crews that worked long hours, including throughout then holiday period and on weekends,” the memo stated.
It’s unclear how the laptops were recovered or why they seemed to re-appear after disappearing. The breach certainly points to the idea that businesses of all sizes need to keep track of all of their computers, mobile devices and anything else that contains sensitive information. If nothing else, security teams at Coca-Cola should have the ability to monitor the location of laptops. If one such computer goes missing for a long time, there should be a way to remotely lock the device, in addition to generally encrypting the material, which Coca-Cola admitted in the aforementioned memo they didn’t do.
Furthermore, what recourse do employees have in situations? Having one’s social security number stolen can lead to a whole host of problems for individuals. Coca-Cola’s ‘That’s our bad’-style response feels insufficient.
Edited by Cassandra Tucker