Soft drinks giant Coca-Cola has admitted that company laptops containing important data were stolen from its headquarters in Atlanta.
The laptops were taken by a former employee responsible for maintenance and disposal. This wasn't a single big heist, though: the thief stole the machines over a period of several years, his final haul containing the sensitive data of around 74,000 people.
Over a six-year period the worker removed a total of 55 laptops from Coca-Cola's Atlanta offices. The laptops were recovered during November and December last year. The firm then realised that the hardware contained 18,000 personal records and social security numbers, plus 56,000 other entries with equally sensitive data.
None of the stolen laptops had been encrypted in line with the drinks maker's security policies, while some had not been encrypted at all.
In an emailed statement, Christian Toon, head of Information Risk at Iron Mountain, wrote that the incident "highlights a particular failing in many information security strategies where firms do not understand the risk that staff pose to company data, especially if that member of staff has a grievance against the company or is leaving their job".
He added: "It is about building a culture of information responsibility that includes trust and respect for employees and respect for the value of information that belongs to the employer."
Who the employee was, why they stole the equipment, or how the data breach was discovered has not been disclosed by Coca-Cola, which immediately offered its employees identity-theft protection as an apology.
The beverage giant plans to take legal action against the former employee.