The Coca-Cola Breach and Who’s on Hook for Security of Employee Data
Chris Opfer writes:
Six years after Shane Enslin left his repairman job at a Coca-Cola distribution plant in Pennsylvania, the company told him that his Social Security number and other personal information might have fallen into the wrong hands. A few months later, a declined credit card upended his family vacation. Then came a third unfortunate surprise for Enslin: A federal judge in Pennsylvania ruled that Coca-Cola wasn’t obligated to safeguard his data, which Enslin believes identity thieves used to ring up thousands of dollars in unauthorized purchases.
“This is the company that protects the world’s greatest secret, the formula for Coke,” Donald Haviland, Enslin’s attorney, told Bloomberg Law. “And yet somehow they can’t stop some knucklehead from walking out the door with hundreds of laptops.”
Enslin is appealing the decision, arguing that Coca-Cola should be on the hook because a company tech worker stole computers with his information on them. A similar ruling, in which a state court said University of Pittsburgh Medical Center isn’t liable for a data hack in which fraudsters used UPMC worker information to file false tax returns, is also on appeal.
That’s a great quote from Enslin’s attorney. 🙂
Read more on Bloomberg Law.