The stolen information includes personal information of employees, including financial account information, state and federal government-issued ID numbers, driver’s license numbers, ID cards, social security numbers, and digital signatures. Credit: Thinkstock Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees. The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. “As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. The stolen information included “full name, home address, financial account information (including passwords, PINs, and access numbers), state and federal government-issued ID numbers and driver’s license numbers, ID cards, social security numbers, passport information, digital signatures, and information related to benefits and employment (health insurance claims and medical history),” Pepsi Bottling Ventures said. Incident discovered 18 days laterOn January 10, the company discovered that unauthorized activity was reported on certain internal IT systems. “Based on our preliminary investigation, an unknown party accessed those systems on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems,” the company said. The last known date of unauthorized IT system access was January 19. “We took prompt action to contain the incident and secure our systems. We reported the incident to law enforcement and are cooperating with their investigation,” the company said. The stolen personal information can be used for identity theft, financial fraud, misuse of medical information, and social engineering attacks. The incident report, however, does not specify the number of employees, suppliers, or customers whose personal information was stolen. The company has suspended all the affected systems and reset all company passwords following the incident. Pepsi Bottling Ventures is offering a year’s “free-of-cost” identity monitoring services through Kroll for affected individuals. The identity monitoring services include “Credit Monitoring, Current Credit Report, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Fraud Loss Reimbursement, Fraud Consultation, and Identity Theft Restoration,” the company said. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe