Pepsi Bottling Ventures network has been breached by thr threat actors and they successfully installed info-stealing malware.
The security incident happened on or around December 23rd, 2022, and the team discovered it 18 days later, on January 10th, 2023.
It took the IT team another 9 days to remediate the breach and secure the system. So, the hackers had around 27 days to exploit the data breach.
e data breach exposed names, home and email addresses, IDs, and drivers license numbers. But, the incident also exposed financial account information, like passwords, pins, and access numbers. It also revealed extremely sensitive data, like ID cards, social security numbers, passport information, and digital signatures.
It is not clear how many user data were impacted by the malware attack or if stolen data belongs to employees, customers, or both. This is serious because apart from phishing attacks, threat actors could try to use the data for identity theft.
The company advised users to reset username and passwords of their individual accounts
In order to mitigate the identity theft risk, they also offer free identity monitoring services for one year.