Pepsi Bottling Ventures, the largest maker of popular drinks such as Pepsi-Cola, Mountain Dew, Schweppes, Lipton and many more, recently suffered a data breach. The leak to the dark web was caused by a cyber attack, during which the attackers managed to inject malware into the company's internal systems, and then extract all the necessary data at the most convenient moment.
In a typical cybersecurity incident notice filed with the Montana Attorney General's Office, the company explains that the hack took place as early as December 23 last year. But its effects were discovered only this year, on January 10th.
“According to our preliminary investigation, an unknown party gained access to our internal IT systems around December 23, 2022. Installed malware and uploaded certain information contained in these systems,” the notice says.
“We took swift action to contain the incident and secure our systems. While we continue to monitor our systems for unauthorized activity, the last known date of unauthorized access was January 19, 2023,” the same notice reads.
Based on the results of the internal investigation, the following information was raised. At the same time, it was not disclosed whether this data belonged to employees of the company or its customers.
- Full names;
- Home addresses;
- Financial account information (including passwords, PINs and access codes);
- State and Federal Identification Numbers and Driver's License Numbers;
- ID cards;
- Social security numbers;
- Passport data;
- Digital Signatures;
- Information related to benefits and employment.
In response to this incident, the company implemented additional network security measures, reset all passwords, and informed law enforcement. Currently, the review of potentially affected records and systems is still ongoing, and their performance is temporarily suspended.
Breach notification recipients are offered a free year-long identity monitoring service to help prevent the theft of other personal data that hackers have not yet been able to access.