Coca-Cola announced a data breach after a former employee was found in possession of worker data on a personal hard drive. In compliance with state laws, the company is notifying the data breach to the affected employees via letter.
The company discovered the security breach in September when law enforcement officials notified it that a former employee at a Coca-Cola subsidiary was found in possession of an external hard drive.
Coca-Cola supported the investigation conducted by law enforcement, it confirmed the authenticity of the documents that contained personal information of some workers.
The company did not disclose the incident immediately at the request of authorities who were investigating the data breach.
Following state laws, the company is now sending notification letters to affected employees.
According to a company spokesman, the data breach has affected about 8,000 workers.
“We are issuing data breach notices to about 8,000 individuals whose personal information was included in computer files that a former employee took with him when he left the company,” a company spokesperson told Bleeping Computer.
“We take information security very seriously, and we sympathize with everyone whose information may have been exposed. We regret any inconvenience or concern this may be causing them. We do not have any information to suggest that the information was used to commit identity theft.”
As usually happens in these cases, Coca-Cola is offering free identity monitoring for one year to affected employees.
Back in 2014, Coca-Cola warned some 74,000 employees and other individuals that their personal information was compromised due to the theft of several company laptops.
(Security Affairs – cybercrime, data breach)