The stolen information includes personal information of employees, including financial account information, state and federal government-issued ID numbers, driver’s license numbers, ID cards, social security numbers, and digital signatures. Credit: Thinkstock Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees. The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. “As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. The stolen information included “full name, home address, financial account information (including passwords, PINs, and access numbers), state and federal government-issued ID numbers and driver’s license numbers, ID cards, social security numbers, passport information, digital signatures, and information related to benefits and employment (health insurance claims and medical history),” Pepsi Bottling Ventures said. Incident discovered 18 days laterOn January 10, the company discovered that unauthorized activity was reported on certain internal IT systems. “Based on our preliminary investigation, an unknown party accessed those systems on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems,” the company said. The last known date of unauthorized IT system access was January 19. “We took prompt action to contain the incident and secure our systems. We reported the incident to law enforcement and are cooperating with their investigation,” the company said. The stolen personal information can be used for identity theft, financial fraud, misuse of medical information, and social engineering attacks. The incident report, however, does not specify the number of employees, suppliers, or customers whose personal information was stolen. The company has suspended all the affected systems and reset all company passwords following the incident. Pepsi Bottling Ventures is offering a year’s “free-of-cost” identity monitoring services through Kroll for affected individuals. The identity monitoring services include “Credit Monitoring, Current Credit Report, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Fraud Loss Reimbursement, Fraud Consultation, and Identity Theft Restoration,” the company said. Related content news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability Vulnerabilities Security feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware news Okta confirms recent hack affected all customers within the affected system Contrary to its earlier analysis, Okta has confirmed that all of its customer support system users are affected by the recent security incident. By Shweta Sharma Nov 30, 2023 3 mins Data Breach Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe