Coke Breach Leads RoundupFormer Employee Allegedly Stole 55 Laptops
In this week's breach roundup, Coca Cola has confirmed a breach tied to the theft of 55 unencrypted company laptops. Also, UC Davis Health System reports a phishing scam that compromised three clinicians' e-mail accounts, leading to the exposure of patient information.
Coca Cola Says Laptops Theft Affects 74,000
Coca Cola says the personal information of roughly 74,000 current and former employees, as well as contractors and vendors, was exposed as a result of the theft of 55 company laptops by a former employee. About 4,500 of the affected individuals were contractors or vendors for Coke, according to The Wall Street Journal.
In November and December of 2013, Coke recovered the unencrypted company laptops that had been stolen over a period of six years, according to the Journal.
Information exposed as a result of the theft includes Social Security and driver's license numbers, the report says. The former employee apparently involved in the theft had been responsible for maintaining or disposing of company equipment.
"We have no indication that the information was misused," Coke said in a statement provided to Information Security Media Group. "However, we understand the concerns some people may have and therefore, to demonstrate an abundance of caution, [Coke] is offering free identity theft protection services to all affected."
Phishing Scam Affects 1,800 Patients
UC Davis Health System in California is notifying approximately 1,800 patients that e-mails containing their personal or medical information may have been compromised by a phishing scam that affected three UC Davis clinicians.
The scams occurred in mid-December, according to the health system. Compromised information included in the e-mails includes name, medical record number and limited information associated with a clinic visit or hospital admission, UC Davis says.
The phishing issue was first discovered when clinicians saw e-mails being deleted from their accounts and found their accounts were being used to send messages to addresses outside the health system, UC Davis says.
UC Davis' e-mail program is encrypted. The health system took immediate action to protect patient privacy when the compromises were discovered, including deleting the phishing e-mail from other staff accounts, blocking access to the phishing website and warning UC Davis staff about the scam.
Tax Forms Expose Information
The Connecticut Department of Labor has determined that approximately 27,000 of the 250,000 tax forms mailed out to individuals who collected unemployment compensation payments in 2013 contained some incorrect personal information.
Because of a printing error, the correct information was presented on the top portion of the form, while the bottom half contained information about another individual, the department said.
Because the form contained Social Security numbers, the department will provide affected individuals with free credit protection.
Private Investigators Sentenced
The UK Information Commissioner's Office sentenced six private investigators for tricking organizations into revealing personal details about customers.
Barry Spencer and Adrian Stanton ran ICU Investigations Ltd. based in Feltham, Middlesex, in England. The company worked on behalf of its clients to trace individuals, often for the purpose of debt recovery, the ICO said. The CIO estimates there were nearly 2,000 separate offenses between April 1, 2009, and May 12, 2010, according to the ICO.
After being found guilty, Stanton was fined a total of Â£7,500 and Â£6,107 prosecution costs. Spencer and ICU Investigations Ltd. will be sentenced on April 4.
Five other employees of the company also pleaded guilty to the same offense. The sentences were:
- Robert Sparling: Â£4,000 fine and Â£3,000 prosecution costs;
- Joel Jones: Â£3,000 fine and Â£2,500 prosecution costs;
- Michael Sparling: Â£2,000 fine and Â£2,000 prosecution costs;
- Neil Sturton: Â£1,000 fine and Â£1,000 prosecution costs;
- Lee Humphreys: Â£1,000 fine and Â£1,000 prosecution costs
"Private investigators must learn they are not above the law," ICO criminal investigations team manager Damian Moran said. "While the majority of private investigators go about their business in an honest manner, unscrupulous operators such as ICU Investigations Ltd. taint the industry and blight the reputations of their counterparts."