Largest Bottler of Pepsi-Cola Falls Victim to a Data Breach
Pepsi Bottling Ventures LLC, which is based in Raleigh, North Carolina, is the largest bottler of Pepsi-Cola in the United States, operating a total of 18 bottling facilities. According to a letter filed with Montana’s Attorney General Office, an unknown party infiltrated the company’s internal IT systems on December 23, 2022, and gained access to key systems at Pepsi Bottling Ventures. The threat actors then installed information-stealing malware and extracted data from the systems, including the personally identifiable information (PII) of company employees. It is uncertain how many employees were affected by the attack, but the company currently employs 2,300 workers across five states. Past employees and people who have applied for employment with Pepsi Bottling Ventures may have been compromised as well. The data that was accessed included names, home addresses, email addresses, Social Security numbers, driver’s license numbers, and other state and federal government-issued ID numbers. It also included financial account information, such as passwords and PINs, as well as digital signatures. It is not known what type of malware was involved in the attack.
IDENTIFY INDICATORS OF COMPROMISE (IOC)
The company was informed on January 10 that some type of unauthorized activity was taking place on its network. Although the company promptly began an investigation, it was not able to completely remediate the intrusion until January 19, which gave the attackers a 27-day window from the initial break-in on December 23.
CONTAINMENT (If IoCs are identified)
Pepsi Bottling Ventures has been actively monitoring its internal systems and network since first being informed of the suspicious activity. After learning of the attack, the company’s IT department set out to contain it and took down all systems that were thought to be compromised until complete remediation could be confirmed. The company contacted local law enforcement, and all passwords within the company were reset. A separate investigation is ongoing, and there is no evidence that any of the compromised data has been misused. Notification letters were sent to every person who may have been affected by the breach to inform them of the incident. Pepsi Bottling Ventures has offered a year of free identity monitoring services to all of those impacted by the event.
A well-designed access control strategy is essential for protecting the sensitive data of employees, customers, and third parties. Proper access control restricts access to a system, datastore, or resource by enforcing the principle of least privilege (PoLP), ensuring that authorized users have only the specific access they require for their job role. Least privilege is enforced using a combination of physical and logical security controls, including strong password policies, multifactor authentication (MFA), and firewall segmentation to isolate sensitive resources from the general network. All sensitive data should be encrypted at rest and in transit using the latest encryption protocols. Even if the data is then compromised and exfiltrated, the threat actor cannot do anything with it without the required decryption key. This combination of access control and encryption should be included in any cybersecurity strategy.