Pepsi Data Breach

A malware attack caused a data breach at Pepsi bottling facilities. An unknown party accessed the company’s IT systems, installed malware and downloaded sensitive data including financial information and ID cards.

Following an internal investigation Pepsi announced that the following information had been impacted:

• Full name

• Home address

• Financial account information (including passwords, PINs, and access numbers)

• State and Federal government-issued ID numbers and driver's license numbers

• ID cards

• Social Security Numbers (SSNs)

• Passport information

• Digital signatures

• Information related to benefits and employment (health insurance claims and medical history)

It was confirmed that the data breach affected current and former employees and contractors.

In response to the incident, the company implemented additional network security measures, reset all company passwords, and informed the relevant authorities.

“We took prompt action to contain the incident and secure our systems. While we are continuing to monitor our systems for unauthorized activity, the last known date of unauthorized IT system access was January 19, 2023. We reported the incident to law enforcement and are cooperating with their investigation,” the company said.

The company stated that it was not aware of the compromised information being misused, but stolen data is usually sold and then used in phishing and other types of attacks.

The breach highlights that companies need to be proactive in protecting their sensitive information and safeguarding against cyber threats.

For help and advice on securing your organisation or managing a cyberattack contact Romano Security Consulting today.