PEPSI DATA BREACH

Introduction:

Pepsi Bottling Ventures, America’s largest manufacturer and distributor of Pepsi cola beverages, said that its network was breached by a threat actor. Pepsi has sent notices to all affected consumers, stating that the breach was carried out by deploying info-stealing malware around December 2022. However, Pepsi was not aware of the criminal activity until almost 3 weeks later, in 2023. The leaked information comprised names, addresses, financial data, passwords, PIN codes, and driver’s licenses.

Incident & Impact:

Pepsi Bottling Ventures (PBV) is the nation’s largest privately held manufacturer, seller, and distributor of Pepsi-Cola beverages, some of the world’s most recognized consumer brands. On January 10, 2023. It is unknown who accessed the corporation’s internal IT systems, but they managed to install malware and extract information belonging to the company’s employees and clients. The company is continuing to monitor its systems for unauthorized activity; the last known date of unauthorized IT system access was January 19, 2023.

Based on the results of Pepsi’s internal investigation so far, the following information was leaked: full name; home address; financial account information (including passwords, PINs, and access numbers); state and federal government-issued ID numbers and driver’s license numbers; ID cards; Social Security numbers (SSNs); passport information; digital signatures; and information related to benefits and employment (health insurance claims and medical history).

The law firm of Federman & Sherwood has initiated an investigation into Pepsi Bottling Ventures, LLC (which has 18 locations in North Carolina, South Carolina, Maryland, and Delaware) with respect to the data breach.

This incident has exposed a large amount of individuals’ data, and the threat remains, as the stolen data can still be used in cyber-attacks at any time. The stolen data may be sold on dark web forums and used for cybercrimes such as identity theft, doxing, phishing, and other types of social engineering.

Remediation:

In response to this incident, the company has implemented additional network security measures, reset all company passwords, and informed law enforcement authorities.

At this time, the review of potentially affected records and systems is still underway, while all affected systems have been suspended from the firm’s regular operations.

The following steps may help limit the impact:

  1. Immediately disconnect the infected computers, laptops, or tablets from all network connections, whether wired, wireless or mobile phone-based.
  2. In a very serious case, consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.
  3. Reset credentials including passwords (especially for administrator and other system accounts) – but verify that you are not locking yourself out of systems that are needed for recovery.
  4. Safely wipe the infected devices and reinstall the OS.
  5. Before you restore from a backup, verify that it is free from any malware. You should only restore from a backup if you are very confident that the backup and the device you’re connecting it to are clean.
  6. Connect devices to a clean network in order to download, install and update the OS and all other software.
  7. Install, update, and run antivirus software, and reconnect to your network.
  8. Monitor network traffic and run antivirus scans to identify if any infection remains.