Towards the top of final yr, malicious hackers broke into the methods of Pepsi Bottling Ventures, the biggest privately-owned bottler of Pepsi-Cola drinks within the USA, and put in malware.
For virtually the month the malware secretly exfiltrated personally identifiable data (PII) from the corporate’s community.
The first Pepsi Bottling Ventures knew in regards to the unauthorized entry to its community was on January 10 2023, nevertheless it took an extra 9 days till the organisation fully shut the attackers out of its methods.
As Bleeping Computer reviews, a notification letter despatched to affected people confirms {that a} worrying array of data was stolen:
- Full identify
- Home handle
- Financial account data (together with passwords, PINs, and entry numbers)
- State and Federal government-issued ID numbers and driving license numbers
- ID playing cards
- Social Security Numbers (SSNs)
- Passport data
- Digital signatures
- Information associated to advantages and employment (medical insurance claims and medical historical past)
Clearly the potential exists for cybercriminals to take advantage of the data stolen from the corporate’s community to launch phishing assaults and try and commit identification theft.
What is not clear from the notification letter is how many individuals could also be affected by the information breach, and whether or not any enterprise companions or prospects are impacted. It actually seems, from the data shared up to now, that the data stolen pertains to Pepsi staff.
Affected people are being provided free identification monitoring for one yr. Pepsi can be recommending that customers change their login credentials, and make sure that they don’t seem to be utilizing the identical password anyplace else on the web.
The firm says that it has knowledgeable legislation enforcement companies of the assault, reset firm passwords, and put in place further measures to safe its community.