Coca-Cola notifying employees after laptops with personnel information were stolen (updated)
Things don’t always go better with Coke, it seems.
Coca-Cola Refreshments (CCR) is notifying employees “and other individuals” that they discovered on December 10th that several laptops assigned to current and former CCR/CCE users had been stolen. The laptops contained personal information. The letter, signed by their CIO, Tom Miller, does not indicate when the laptops were stolen, how many were stolen, or the circumstances under which they were stolen. Nor does the letter disclose how many employees had data on the laptops and whether the data on the laptops were encrypted (or if not, why not).
According to Miller, the laptops were successfully recovered, although, again, they do not explain how.
Although there has been no indication that the information has been misused, the firm is offering those affected free services with Kroll.
You can read their somewhat incomplete and unsatisfactory template notification letter on the website of the California Attorney General. Perhaps they will provide more details in their notifications to other states. If so, I’ll update this post as those reports become available.
Update: Mike Esterl of WSJ reports that there are 74,000 employees and contractors being notified, 18,000 of whom had their Social Security numbers on the laptops that were stolen by an employee whose duty was to maintain or dispose of them. Read more of the details on WSJ.