Coca-Cola could be in trouble after one of its employees filed a class action suit against it following the theft of over 50 staff laptops from a bottling plant.
The lawsuit, which was filed in a Pennsylvania federal court on Wednesday, alleges that the fizzy drinks conglomerate should be held responsible for the theft as it didn’t adequately secure the data, which included personally identifiable information.
The suit was filed on behalf of 74,000 employees, with an alleged 18,000 social security numbers exposed, according to reports.
It also contends that the multinational didn’t notify the affected employees quickly enough and that none of the data on the laptops was encrypted.
The lawsuit apparently reads:
"Such deliberate and/or grossly negligent conduct, in the face of a preventable event had the defendants taken appropriate steps to secure the [data] of plaintiff and the class, is actionable under the statutes and common law of Pennsylvania and the other states where members of the class reside."
A total of 55 laptops were reportedly stolen from Coca-Cola’s largest bottling plant in Poconos, and at its headquarters in Atlanta.
Former bottling engineer, Shane Enslin, alleged that the stolen data was used to commit identity theft, with criminals using his card to make false purchases and apply for new plastic.
“The company that guards perhaps the best-kept secret in America, the Coke formula, failed to reasonably protect its employees from identify theft," Enslin’s lawyer Donald Haviland told Law360.
"As a result, the most trusted information about Mr Enslin and thousands of other Coke employees has fallen into the hands of criminals. The Enslins have been under siege ever since. This suit was brought because Coke refused to do the right thing, despite direct pleas by the Enslins.”
Jason Hart, vice president of cloud solutions at SafeNet, argued the case highlights the importance of organizations taking a multi-layered approach to security, including encryption.
“This breach is likely to have ramifications for Coca-Cola’s reputation and throw its security strategy into the limelight. As consumers become more aware of the risk of their data being compromised in the hands of trusted brands, they’re likely to become more cautious about what data they share and demand more transparency from the companies they buy from,” he added.
“They may not care about some data being compromised, but if that information can be used for fraud, blackmail or burglary, it becomes a bigger problem.”