http://www.crn.com/news/security/240165711/coca-cola-laptop-breach-a-common-failure-of-encryption-security-basics.htm
By Robert Westervelt
CRN.com
January 27, 2014
Coca-Cola is notifying employees, contractors and people associated with
its suppliers following a data breach at its Atlanta headquarters that
resulted in the theft of laptops and information exposure on at least
74,000 people.
The laptops, which have been recovered, were stolen by a former employee,
according to the Wall Street Journal, which first reported the security
incident Monday. A Coca-Cola spokesperson did not return repeated requests
from CRN for a comment on Monday. Coca-Cola told the newspaper that the
laptop was not encrypted and contained the names, Social Security numbers
and addresses of the individuals and included other details, such as
driver's license numbers, compensation and ethnicity.
The firm said the laptops were stolen by an employee who was assigned to
properly dispose of the equipment. The newspaper reported that Coca-Cola
is sending out notification letters to 18,000 people whose names and
Social Security numbers were found on the laptops as well as 56,000 people
who had other personal information potentially exposed.
Coca-Cola said its security policy requires laptop encryption. Lost and
stolen laptops containing corporate data is a common occurrence, security
experts in the channel told CRN. The latest breach highlights a failure of
some basic security policies followed by a lack of security technology
that has long been available to enterprises. Laptop encryption and user
provisioning policies to remove access privileges from terminated
employees may have prevented the issue, they say. Meanwhile, network
monitoring may have detected and contained the problem before the data on
tens of thousands of people was exposed.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
