Pepsi Bottling Ventures, the largest privately-held bottler of Pepsi-Cola products in the United States, says personal information was stolen from its systems following a malware attack.
Founded in 1943, the company operates 18 bottling and distribution facilities in North and South Carolina, Maryland, Virginia, and Delaware, and employs more than 2,300 people.
On February 10, the company started sending out notification letters to inform an unknown number of individuals that their personal information might have been compromised during a month-long data breach.
The incident, Pepsi Bottling Ventures says, was discovered on January 10, but the investigation that was launched into the matter revealed that attackers gained access to the company’s network on December 23. The unauthorized access was blocked on January 19.
While dwelling in Pepsi Bottling Ventures’ network, the attackers deployed malware and downloaded information stored on the systems they had access to, the company notes in the notification letter, a copy of which was filed with the Montana Attorney General.
Stolen personal information includes names, addresses, email addresses, financial information, Social Security numbers, driver’s license numbers, ID card and password information, benefits information, health insurance information, medical history, health and health insurance claims, and digital signatures.
The company says it has taken steps to contain the incident and improve its security, including by prompting a company-wide password reset on all employee accounts.
Pepsi Bottling Ventures did not reveal the type of malware used in the attack and it’s unclear if the attack was conducted by a ransomware group.
SecurityWeek has emailed the company for additional clarifications on the cyberattack and will update this article as soon as a reply arrives.
Related: 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
Related: 820k Impacted by Data Breach at Zacks Investment Research
Related: 25k Nissan Customers Affected by Data Breach at Third-Party Software Developer
More from Ionut Arghire
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
- US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
- New ‘Trigona’ Ransomware Targets US, Europe, Australia
Latest News
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Ferrari Says Ransomware Attack Exposed Customer Data
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
