Leading food and beverage company Pepsi alerted its customers regarding a data breach incident: an unauthorized access on its certain internal IT systems. However, it has not confirmed whether the customer data was exploited.
According to the notification shared by the organization, the cyberattack on Pepsi Bottling Ventures occurred around or on December 23, 2022.
Pepsi Bottling Ventures is the largest manufacturer, seller, and distributor of Pepsi-Cola beverage and has over 18 locations in North Carolina, South Carolina, Maryland, and Delaware.
Cyberattack at Pepsi Bottling Ventures
Upon preliminary investigation, the company found that an unknown party had accessed and installed malware on its IT systems. Following this, they had also downloaded data from the breached devices.
It is speculated that the following user data may have been accessed during the cyberattack on Pepsi Bottling Ventures:
- First and last names
- Individual and/ or parents’ legal surnames prior to marriage
- Residential addresses
- Email IDs
- Financial account data including passwords, PIN codes, and other credentials
- State and federal government-issued identification numbers including driving licenses, ID cards
- Social security numbers
- Passport data
- Digital signatures
- Benefits and employment data
- Medical history
- Health insurance data
Post detecting the cyberattack, Pepsi Bottling Ventures promptly alerted law enforcement. The unauthorized access stopped by January 19, 2023. The affected systems have been suspended.
According to a report by The Register, an information-stealing malware was deployed to conduct the cyberattack at Pepsi Bottling Ventures.
Security measures taken post the cyberattack on Pepsi Bottling Ventures LLC
Following the potential data theft at Pepsi Bottling Ventures, the company secured the services of Kroll to offer identity monitoring to users free of charge for a year. Kroll offers risk mitigation guidance to users and entities that suffered exposure to confidential data.
Users or employees who detect any suspicious activities in their systems or accounts can use Kroll services to monitor credit, fetch current credit reports, web watcher, public persona, cash scan, and $1 million identity fraud loss reimbursement, etc. to keep a watch on their accounts.
Pepsi Bottling Ventures has urged all users to change their usernames, passwords, answers to security questions, and any other confidential information as a precautionary measure following the cyberattack.
According to a marketscreener report, the board of Pepsi receives regular and timely updates about risk management which the group review periodically. The report highlighted the efforts taken to curb risk to its systems mostly by its Global Chief Information Security Officer.