The Coca-Cola company has announced that it suffered a breach of personally identifiable information of about 8,000 people, eight months after law enforcement authorities alerted the company about a possible breach after apprehending a former employee with a hard drive containing such details.
The company also announced that after investigating the contents of the hard drive with law enforcement authorities, it has determined that the data was not leaked to unauthorised persons and was not used to commit identity theft.
"We are issuing data breach notices to about 8,000 individuals whose personal information was included in computer files that a former employee took with him when he left the company.
"We take information security very seriously, and we sympathize with everyone whose information may have been exposed. We regret any inconvenience or concern this may be causing them. We do not have any information to suggest that the information was used to commit identity theft," a spokesperson for the Coca-Cola company told Bleeping Computer.
The company added that it waited until now to announce the breach at the request of law enforcement authorities, but it is offering free identity monitoring for one year to employees whose personal data was found on the portable hard drive.
Need for greater visibility into how & where data is stored
The breach of personal information of employees at the Coca-Cola company is a reminder of how important it is for large organisations to maintain watertight visibility over devices being used by employees as well as over customer and enterprise data. Without that visibility, companies will not be able to detect on their own whether they have suffered a breach.
A report from security firm Bomgar has revealed that in the United States and in Europe, as many as 69% of employees stay logged on to either their laptop or company accounts after work hours, 57% send work files to their personal e-mail accounts, 46% tell colleagues their passwords, and 53% use unsecured Wi-Fi to access online data. In the UK, only 44% of companies have reviewed their policies on third-party access in the last two years.
Businesses are aware that employees may unintentionally mishandle sensitive data, fall victim to phishing e-mails or skirt security best practices to speed up productivity. Despite such awareness, only 37% of businesses have complete visibility into which employees have privileged access.
"It only takes one employee to leave an organization vulnerable. With the continuation of high-profile data breaches, many of which were caused by compromised privileged access and credentials, it’s crucial that organizations control, manage, and monitor privileged access to their networks to mitigate that risk," said Matt Dircks, CEO at Bomgar.
"The findings of this report tell us that many companies can’t adequately manage the risk related to privileged access. Insider breaches, whether malicious or unintentional, have the potential to go undetected for weeks, months, or even years – causing devastating damage to a company," he added.