In the direction of the tip of final 12 months, malicious hackers broke into the techniques of Pepsi Bottling Ventures, the most important privately-owned bottler of Pepsi-Cola drinks within the USA, and put in malware.
For nearly the month the malware secretly exfiltrated personally identifiable info (PII) from the corporate’s community.
The primary Pepsi Bottling Ventures knew in regards to the unauthorized entry to its community was on January 10 2023, however it took an extra 9 days till the organisation utterly shut the attackers out of its techniques.
As Bleeping Pc reports, a notification letter despatched to affected people confirms {that a} worrying array of knowledge was stolen:
- Full title
- House handle
- Monetary account info (together with passwords, PINs, and entry numbers)
- State and Federal government-issued ID numbers and driving license numbers
- ID playing cards
- Social Safety Numbers (SSNs)
- Passport info
- Digital signatures
- Data associated to advantages and employment (medical health insurance claims and medical historical past)
Clearly the potential exists for cybercriminals to use the data stolen from the corporate’s community to launch phishing assaults and try to commit identification theft.
What is not clear from the notification letter is how many individuals could also be affected by the information breach, and whether or not any enterprise companions or clients are impacted. It actually seems, from the data shared thus far, that the data stolen pertains to Pepsi staff.
Affected people are being supplied free identification monitoring for one 12 months. Pepsi can be recommending that customers change their login credentials, and make sure that they don’t seem to be utilizing the identical password anyplace else on the web.
The corporate says that it has knowledgeable legislation enforcement businesses of the assault, reset firm passwords, and put in place extra measures to safe its community.