Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees. The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. 

“As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. 

The stolen information included “full name, home address, financial account information (including passwords, PINs, and access numbers), state and federal government-issued ID numbers and driver’s license numbers, ID cards, social security numbers, passport information, digital signatures, and information related to benefits and employment (health insurance claims and medical history),” Pepsi Bottling Ventures said. 

Incident discovered 18 days later

On January 10, the company discovered that unauthorized activity was reported on certain internal IT systems. “Based on our preliminary investigation, an unknown party accessed those systems on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems,” the company said. The last known date of unauthorized IT system access was January 19. 

“We took prompt action to contain the incident and secure our systems. We reported the incident to law enforcement and are cooperating with their investigation,” the company said. 

The stolen personal information can be used for identity theft, financial fraud, misuse of medical information, and social engineering attacks. The incident report, however, does not specify the number of employees, suppliers, or customers whose personal information was stolen. The company has suspended all the affected systems and reset all company passwords following the incident. 

Pepsi Bottling Ventures is offering a year’s “free-of-cost” identity monitoring services through Kroll for affected individuals. The identity monitoring services include “Credit Monitoring, Current Credit Report, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Fraud Loss Reimbursement, Fraud Consultation, and Identity Theft Restoration,” the company said.