The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Coca-Cola Co. announced a data breach Jan. 24, adding another big name to the list of companies dealing with recent security failures.
The news may have consumers sighing with exasperation — “Another one?” — but the breach at Coke is different than the attacks confirmed by Target, Adobe and Neiman Marcus: This one went after employee data.
The company said about 74,000 past and present employees’ personal information has been compromised as a result of laptop theft, which was allegedly carried out by a former employee who was responsible for recycling and maintaining equipment, according to reports in the Wall Street Journal and other data security outlets. In a memo sent to employees, the company explained the laptops were stolen and then returned, and they held information about U.S. and Canadian employees, including names, Social Security numbers, addresses, ethnicity and compensation. The laptops were not encrypted, but the memo did not explain why.
According to the Journal, the company learned of the theft Dec. 10, but employees were just notified, because the company needed to go through the information on the recovered hardware. The fact that the information on the laptops was not encrypted makes the data much more vulnerable to abuse, but the company said it has “no indication” personal information was misused.
Compared to the roughly 70 million customers impacted by the Target data breach, the 74,000 Coke employees may seem insignificant, but the nature of the security lapse is worrisome to some privacy experts.
“They had the policies in place, but to me, they weren’t really living, which means they didn’t have the mechanisms to enforce those policies,” said Walter Boyd, a senior privacy adviser with Identity Theft 911 Consulting who has 12 years of experience in the industry. “Companies really need to not just kind of cover themselves … but also really have the auditing and enforcement arm.”
The potential victims in this breach — whether they still have a professional relationship with Coke or not — should take reasonable steps to make sure their information hasn’t been misused, Boyd said, like reviewing activity on their credit reports in recent months. They also have the option of setting fraud alerts on their credit profiles, which can be done for free through the major credit reporting agencies, and Coke has said it will offer free credit monitoring to victims.
Maybe you’re not an affected employee in this case, and this snafu may not be a direct threat to your financial and credit health, but it serves as a reminder that data breaches are a regular occurrence — whether your employer or a retailer loses your information. In any case, maintaining good habits of monitoring your account activity and changes in credit scores allows you to more easily spot anything fishy. With identity theft, the extent of the damage often correlates to how quickly the situation is addressed.
Staying up to date on your credit profile is easy. Consumers are entitled to free copies of their annual credit reports from the major credit reporting agencies, and there are useful free tools, like Credit.com’s Credit Report Card, that allow you to monitor your credit scores. Any new, unexpected accounts on your credit reports or sudden changes in your credit scores could indicate fraud, and you’ll want to act quickly once you discover it.
If you’re concerned about how your company secures your sensitive information, Boyd said to take up the matter with a compliance department, because it’s important to have confidence in your employer’s privacy policies. In this case, employees should be concerned, Boyd said, but they should act productively on that concern by closely monitoring their credit and communicating with the company about what is being done to resolve the situation.
Image: hero30
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams