In a breach notification letter sent to customers, CEO Derek Hill said the breach occurred on 23rd December last year, but was only discovered on 10th January.
According to the initial investigation, the intruder accessed the firm’s internal IT systems, installed malicious software and stole “certain information” from infected systems.
The stolen information included complete names, email addresses, home addresses and government-issued identification, such as passport numbers, social security numbers and driver’s license numbers.
The attacker(s) also took certain financial information belonging to a “limited number” of people, including passwords, PIN codes and other access numbers, as well as digital signatures, health insurance policy numbers and benefit and employment information.
The company says the last unauthorised access to its IT system was on 19th January 2023, more than a week after it discovered the breach.
Pepsi Bottling Ventures (PBV) says it took “immediate steps” to safeguard its IT systems, and reported the matter to law authorities.
The company has removed all impacted systems from regular operations as it reviews potentially affected data and systems. It has also increased network security measures and reset all company passwords.
At the time of writing the firm had not seen of any applications of the stolen data, like identity theft or other fraudulent activities.
PBV says it does not know how many people the data leak has affected, or whether those affected were customers or workers.
Individuals who received the breach notifications are being provided with the now-traditional one-year free-of-charge identity monitoring service by Kroll, to help them deal with any resulting identity theft.
PBV has recommended that users immediately change their username, password and security question answers for any accounts or account information they have with the firm.
Users have also been advised to take any other necessary steps to safeguard other online accounts that share the same username, password or security question answers.
Pepsi Bottling Ventures is the biggest bottler of Pepsi-Cola drinks in the USA, with 18 plants across the country. It is responsible for the production, sales and distribution of several well-known consumer brands such as Pepsi, Tropicana and Starbucks’ Frappuccino.
The incident follows a number of similar network intrusions in recent months.
Email marketing firm Mailchimp disclosed a data breach in January that enabled malicious actors to access internal customer support and account administration tools, and view data of 133 customers.
Also last month, PayPal sent data breach warnings to nearly 35,000 users whose accounts were compromised as a result of a widespread credential stuffing attack in December 2022.
Source link