No matter how strong a company’s InfoSec policies are, and how strong their IT security team is, there will always be breaches of security. One key factor in this reality is the human element as human actions (malicious or benign) can open up the company to cybersecurity incidents. This is an issue that businesses of all kinds deal with, but when multinational corporations are involved, the stakes are higher in every way due to the number of people in danger and the money that can be lost. As a report from Bleeping Computer has shown, Coca-Cola is the latest corporation to experience an internal data breach. The source of the leak is a disgruntled ex-employee who was able to store employee data on their personal hard drive. According to PR representatives at the company, the Coca-Cola data breach affects roughly 8,000 employees of the soft-drink giant. The data stolen, according to Bleeping Computer’s article, “varies per employee” but all those affected have been notified.
Coca-Cola had this further to say about the incident:
We take information security very seriously, and we sympathize with everyone whose information may have been exposed. We regret any inconvenience or concern this may be causing them... we do not have any information to suggest that the information was used to commit identity theft.
The Coca-Cola data breach was first uncovered in September 2017 by law enforcement who, after notifying Coca-Cola, conducted an extensive investigation to determine the source of the leak and the damage caused. It isn’t known as to why the employee in question stole the data, but the fact that they are a fired employee gives some clue that this may be retaliatory. As to what they wanted to do with the data, it’s more than likely that they were going to profit on the Dark Web with some insider information. Hackers would kill to have the ability to pretend to be an employee at a major company during their attack, and the 8,000 identities to choose from certainly helps.
Featured image: Flickr / Mike Mozart