In direction of the top of final 12 months, malicious hackers broke into the programs of Pepsi Bottling Ventures, the biggest privately-owned bottler of Pepsi-Cola drinks within the USA, and put in malware.
For nearly the month the malware secretly exfiltrated personally identifiable data (PII) from the corporate’s community.
The primary Pepsi Bottling Ventures knew in regards to the unauthorized entry to its community was on January 10 2023, but it surely took an additional 9 days till the organisation fully shut the attackers out of its programs.
As Bleeping Laptop reviews, a notification letter despatched to affected people confirms {that a} worrying array of knowledge was stolen:
- Full title
- House deal with
- Monetary account data (together with passwords, PINs, and entry numbers)
- State and Federal government-issued ID numbers and driving license numbers
- ID playing cards
- Social Safety Numbers (SSNs)
- Passport data
- Digital signatures
- Info associated to advantages and employment (medical insurance claims and medical historical past)
Clearly the potential exists for cybercriminals to take advantage of the data stolen from the corporate’s community to launch phishing assaults and try and commit id theft.
What is not clear from the notification letter is how many individuals could also be affected by the information breach, and whether or not any enterprise companions or clients are impacted. It definitely seems, from the data shared up to now, that the data stolen pertains to Pepsi staff.
Affected people are being supplied free id monitoring for one 12 months. Â Pepsi can also be recommending that customers change their login credentials, and be certain that they don’t seem to be utilizing the identical password anyplace else on the web.
The corporate says that it has knowledgeable regulation enforcement companies of the assault, reset firm passwords, and put in place extra measures to safe its community.