Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems.
Pepsi Bottling Ventures is the largest bottler of Pepsi-Cola beverages in the United States, responsible for manufacturing, selling, and distributing popular consumer brands. It operates 18 bottling facilities across North and South Carolina, Virginia, Maryland, and Delaware.
In a sample security incident notice filed with Montana’s Attorney General office, the company explains that the breach occurred on December 23, 2022. But it wasn’t until January 10th 2023, or 18 days later that it was discovered, with remediation taking even longer.
“Based on our preliminary investigation, an unknown party accessed [our internal IT systems] on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems,” reads the notice.
“We took prompt action to contain the incident and secure our systems. While we are continuing to monitor our systems for unauthorized activity, the last known date of unauthorized IT system access was January 19, 2023.”
Based on the results of Pepsi’s internal investigation so far, the following information has been impacted:
- Full name
- Home address
- Financial account information (including passwords, PINs, and access numbers)
- State and Federal government-issued ID numbers and driver’s license numbers
- ID cards
- Social Security Numbers (SSNs)
- Passport information
- Digital signatures
- Information related to benefits and employment (health insurance claims and medical history)
