The Coca-Cola Company is facing a class action lawsuit following the theft of laptops containing employee’s personal data from one of its bottling operations.
The complaint was filed on behalf of 74,000 people, who contend that the soft drinks firm failed to secure the data which included personally identifiable, motor and financial information. The complaint also contends that Coca Cola did not notify employees of the breach in good time.
The filing reads: "Such deliberate and/or grossly negligent conduct, in the face of a preventable event had the defendants taken appropriate steps to secure the [data] of plaintiff and the class, is actionable under the statutes and common law of Pennsylvania and the other states where members of the class reside."
Fifty-five laptops were taken from the Coca-Cola Enterprises bottler between 2007-2013, according to the filing, with the North American bottler later bought by the main company during 2010 as part of an efficiency drive.
The named plaintiff Shane Enslin, who stopped working for Coca-Cola in 2007, says thieves used his data to make fraudulent purchases and attempted to authorise the issuing of new credit cards, adversely affecting his credit score.
Jason Hart, VP Cloud Solutions at the security company SafeNet, said: "Given Coca-Cola is a well-known brand, its security strategy should encompass multiple layers of security that include encryption and multi-factor authentication.
"It highlights the importance for organisations to not only protect their customers’ information, but also that of their employees."
Thomas Rogers was arrested for the theft of the laptops in June, and has been charged with felony and misdemeanour theft by taking.
Under the laws of 44 US states, including Pennsylvania where the complaint was filed, companies are required to quickly notify customers if their data has been breached.
