In late 2020, Pepsi Bottling Ventures, the largest privately-owned bottler of Pepsi-Cola beverages in the USA, was the victim of a malicious cyber attack. The attackers installed malware on the company’s network, which went undetected for almost a month and exfiltrated personally identifiable information (PII). It wasn’t until January 10 2023 that Pepsi Bottling Ventures became aware of the attack and took a further nine days to completely shut the attackers out.
Bleeping Computer reported that a notification letter sent to affected individuals reveals the data stolen included full names, home addresses, financial account information (including passwords, PINs, and access numbers), state and federal government-issued ID numbers and driving license numbers, ID cards, Social Security Numbers (SSNs), passport information, digital signatures, and information related to benefits and employment (health insurance claims and medical history).
The data breach has put individuals at risk of identity theft and phishing attacks. It remains unclear how many people were affected and whether any customers or business partners were impacted. The notification letter indicates that the information stolen relates to Pepsi employees.
As a gesture of goodwill, Pepsi Bottling Ventures is offering free identity monitoring for one year and recommending that users change their login credentials and not use the same password anywhere else on the internet. The company has also informed law enforcement agencies of the attack and taken measures to secure its network.
The malicious attack on Pepsi Bottling Ventures highlights the importance of data security and the need for companies to take measures to protect their systems from potential cyber threats. Key Points:
• Pepsi Bottling Ventures was the victim of a malicious cyber attack in late 2020
• The attackers installed malware on the company’s network which exfiltrated personally identifiable information
• The data stolen included full names, home addresses, financial account information, ID cards, and more
• Pepsi is offering free identity monitoring for one year and has informed law enforcement agencies of the attack
• The attack highlights the importance of data security and the need for companies to protect their systems from cyber threats