Pepsi Bottling Ventures, the largest bottler of Pepsi-Cola beverages in the United States, has suffered a data breach caused by a network intrusion. The breach resulted in the installation of information-stealing malware, leading to the extraction of data from the company’s IT systems.
The breach was discovered on January 10th, 2023, 18 days after it had occurred on December 23, 2022. In a notice filed with Montana’s Attorney General office, Pepsi Bottling Ventures stated that the breach had been caused by an unknown party who had accessed their internal IT systems and downloaded certain information contained on the accessed systems.
The data that has been impacted as a result of the breach includes full names, home addresses, financial account information (including passwords, PINs, and access numbers), state and federal government-issued ID numbers and driver’s license numbers, ID cards, social security numbers (SSNs), passport information, digital signatures, and information related to benefits and employment (health insurance claims and medical history).
In response to the breach, Pepsi Bottling Ventures has taken several measures to secure its systems, including the implementation of additional network security measures, resetting all company passwords, and informing law enforcement authorities. The company has suspended all affected systems from its regular operations while a review of potentially affected records and systems is underway.
Affected individuals are being offered a one-year identity monitoring service through Kroll to help prevent identity theft that may occur as a result of the stolen data. However, it is still unclear how many individuals were affected by the breach and whether the affected parties include customers or employees.
Data breaches are becoming increasingly common, and it’s crucial for companies to implement robust security measures to protect sensitive information from cyberattacks. In the case of Pepsi Bottling Ventures, the long exposure window (18 days) between the breach and its discovery highlights the importance of regular monitoring and prompt action in the event of a breach.