Pepsi Bottling Ventures suffers data breach due to information-stealing malware

Pepsi Bottling Ventures suffers data breach due to information-stealing malware

via focal point / Shutterstock.com

Pepsi Bottling Ventures LLC, the largest manufacturer and distributor of Pepsi-Cola beverages in the U.S., recently suffered a data breach after cybercriminals infected its systems with information-stealing malware.

According to the security incident notice Pepsi filed in the Attorney General of Montana (via BleepingComputer), the data breach occurred on or around December 23, 2022. However, it wasn't until January 10, 2023 that Pepsi Bottling Ventures discovered the illegal activity.

"Based on our preliminary investigation, an unknown party accessed [our internal IT systems] on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems," the notice stated. "We took prompt action to contain the incident and secure our systems. While we are continuing to monitor our systems for unauthorized activity, the last known date of unauthorized IT system access was January 19, 2023."

The following information was impacted according to Pepsi's investigation:

• First and last names (including individual and/or parents' legal surname prior to marriage)
• Home addresses
• Email addresses
• Financial account information (including passwords, PINs, and access numbers)
• State and Federal government-issued ID numbers and driver's license numbers
• ID cards
• Social Security Numbers (SSNs)
• Passport information
• Digital signatures
• Information related to benefits and employment (including health insurance claims and medical history)

In response to the incident, Pepsi says that it promptly reported the incident to law enforcement, suspended all affected systems, and began to an investigation to understand the scope of and impact of the incident. The company claims to have also strengthened the security of its networks and increased technological security by requiring password changes.

As of this writing, it is not yet known how many people were affected by the breach. Nonetheless, as a move to "relieve concerns and restore confidence" in the company, Pepsi Bottling Ventures will provide affected people a year's worth of free identity monitoring services from risk and financial advisory solutions company Kroll. These services include credit monitoring, identity theft restoration, and $1 million identity fraud loss reimbursement.

Source: Pepsi Bottling Ventures via BleepingComputer