Pepsi Bottling Ventures has disclosed that the personal data of 28,000 employees was stolen during a malware attack at the end of last year. Pepsi Bottling Ventures is the largest producer of beverages such as Pepsi-Cola, Dr. Pepper, Starbucks, and Lipton in North America. On January 10th, the company discovered unauthorized activity on its IT systems.
Malware Infection and Data Compromise
Subsequent investigation revealed that an attacker had infected the systems with malware around December 23rd and downloaded data. The stolen information includes names, addresses, email addresses, account details (including a limited number of passwords, PIN codes, or other access credentials), identification numbers such as driver’s license and ID card numbers, social security numbers, passport information, digital signatures, and employment-related information, including limited medical history and health claims.
Attack Details and Mitigation Measures
Specific details regarding the attacker’s method of accessing the systems and the exact nature of the malware have not been disclosed. Following the attack, various measures were implemented, including resetting all company passwords. Affected individuals are eligible for one year of free credit monitoring. While Pepsi Bottling Ventures had previously reported the data breach earlier this year, the number of affected individuals, 28,000, was recently disclosed in a data breach notification to the Attorney General of Maine. Initially, this number was unknown. Pepsi Bottling Ventures is a joint venture between PepsiCo and the Suntory Group.
Note: The information provided is based on the announcement made by Pepsi Bottling Ventures regarding the malware attack and data breach. Additional developments or updates may arise as more information becomes available.