Identity Theft Spurs Coca-Cola Data Breach Class Action Lawsuit

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

A Coca-Cola subsidiary employee says that the company’s lax security practices led to his personal identifying information (PII) being used by criminals for financial fraud and even to apply for another job, according to a new Coca-Cola data breach class action lawsuit.

Plaintiff Shane Enslin alleges that as an employee at a bottling plant in Pennsylvania, he was entrusted with access to numerous facilities in the state and in return, put his trust in the multinational corporation that it would protect his personal identifying information. Unfortunately, the class action lawsuit alleges the company failed to do so.

Enslin alleges that more than 50 laptops were lost, including some to criminals, over the course of a six-year period. As a result of losing his financial account information, income and motor vehicle records, which was reportedly left in plain text. “Mr. Enslin has suffered from attempts to use, and actual use of, his credit and bank accounts by unknown third parties,” according to the class action lawsuit. Some criminals even applied for a job as a UPS driver using the man’s information, the complaint notes.

According to the class action lawsuit, Coca-Cola did not notify current or former employees of the breach until February 2014, well after the thefts occurred.

Some of the people behind at least one data breach have been arrested on charges of theft of laptops and sending the information to other parties, according to the Coca-Cola class action lawsuit. However, as Enslin’s complaint drolly notes, Coca-Cola has purportedly not taken the same care of employee data as it has the secret recipe for its most popular product, which has not been made public for a century.

In fact, the class action lawsuit notes that the company should have already been aware of problems regarding its data security. A 2009 hack by a Chinese group while Coca-Cola was in the midst of a takeover by a company abroad resulted in the dissemination of numerous records regarding corporate finances and other information. Reports following that incident indicated that the company would benefit from improving its data security policies, something Coca-Cola evidently failed to do after the 2009 incident and prior to 2013, according to the complaint.

Enslin seeks to represent a Class of all current and former employees of Coke who, beginning in at least January 2006, “had their PII accessed, disseminated and used by unauthorized users as a result of the theft of computers owned by Coke.” The number of eligible plaintiffs could reach 74,000. The data breach class action lawsuit seeks damages on counts of violations of the Drivers Privacy Protection Act, negligence, breaches of contracts and a covenant of good faith and conspiracy, among others.

Enslin is represented by Donald E. Haviland, Jr. of Haviland Hughes LLC.

The Coca-Cola Data Breach Class Action Lawsuit is Shane K. Enslin, et al. v. The Coca-Cola Co., et al., Case No. 2:14-cv-06476, in the U.S. District Court for the Eastern District of Pennsylvania.