A Carbon County, Pa., man has filed a class action suit at the U.S. District Court for the Eastern District of Pennsylvania against soft drink giant Coca-Cola and its regional distribution subsidiaries on behalf of an estimated 70,000 people whose information and identities have been allegedly compromised by the theft of 55 laptops from the company's Atlanta headquarters over a six year period.
Shane Enslin, of Albrightsville, Pa., has brought the action to federal court seeking more than $5 million in damages for the thousands of current and former employees that had their personal information threatened by the thefts. He claims that the corporation failed to not only protect the data, but also adequately notify the potential victims of the breach.
The thefts of the laptops had gone unnoticed until November 2013, when they recovered the hardware. After analyzing the contents, the company realized that the employee information had been accessible and sent out a letter in January 2014 warning those who were compromised. The information saved on the laptops included social security numbers, drivers license records, physical addresses, email addresses and other financial information.
The plaintiff had not worked for Coca-Cola since 2007, when he served as a service technician based out of the company's distribution plant, Keystone Coca-Cola, based in the Poconos.
Enslin claims that unknown parties have attempted to steal his identity, make unauthorized purchases and open new credit accounts. He says that if he had received proper notification, Enslin could have put more security measures on his accounts.
According to the claim, within months after receiving the data breach notification, Enslin's information was used to purchase more than $950 in merchandise from Bloomingdale's, which was shipped to an address in Staten Island, N.Y. The action forced Enslin to close his longtime accounts and open new ones. Another attempt to purchase items from Fingerhut was made, then the suspects tried to change the addresses for all of his accounts to the Staten Island location.
In April 2014, the claim says, the data thieves took control of his Capital One account and Best Buy account and attempted to use his checking account to pay off the outstanding balances, then issue a new card to the Staten Island address. The suspects also used a new, password protected credit card to make purchases in Ireland. Finally, in July 2014, someone used Enslin's identity to obtain a job with UPS.
The plaintiff says that Coca-Cola's security failures as forced the victims to spend valuable time and money protecting themselves from the breaches. The suit accuses the company if receiving unjust enrichment by not covering the cost of superior data protection software and practices. Coca-Cola breached its contract when it obtained the employee information and failed to keep it secure, the claim says.
The class action is represented by Donald Haviland of Haviland Hughes in Ambler, Pa.
The federal case ID is 2:14-cv-06476-JHS.
Class action filed against Coca-Cola over alleged data breach
ORGANIZATIONS IN THIS STORY