[ISN] Coca-Cola Laptop Breach A Common Failure Of Encryption, Security Basics

http://www.crn.com/news/security/240165711/coca-cola-laptop-breach-a-common-failure-of-encryption-security-basics.htm By Robert Westervelt CRN.com January 27, 2014 Coca-Cola is notifying employees, contractors and people associated with its suppliers following a data breach at its Atlanta headquarters that resulted in the theft of laptops and information exposure on at least 74,000 people. The laptops, which have been recovered, were stolen by a former employee, according to the Wall Street Journal, which first reported the security incident Monday. A Coca-Cola spokesperson did not return repeated requests from CRN for a comment on Monday. Coca-Cola told the newspaper that the laptop was not encrypted and contained the names, Social Security numbers and addresses of the individuals and included other details, such as driver’s license numbers, compensation and ethnicity. The firm said the laptops were stolen by an employee who was assigned to properly dispose of the equipment. The newspaper reported that Coca-Cola is sending out notification letters to 18,000 people whose names and Social Security numbers were found on the laptops as well as 56,000 people who had other personal information potentially exposed. Coca-Cola said its security policy requires laptop encryption. Lost and stolen laptops containing corporate data is a common occurrence, security experts in the channel told CRN. The latest breach highlights a failure of some basic security policies followed by a lack of security technology that has long been available to enterprises. Laptop encryption and user provisioning policies to remove access privileges from terminated employees may have prevented the issue, they say. Meanwhile, network monitoring may have detected and contained the problem before the data on tens of thousands of people was exposed. […]