The stolen information includes personal information of employees, including financial account information, state and federal government-issued ID numbers, driver’s license numbers, ID cards, social security numbers, and digital signatures. Credit: Thinkstock Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees. The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. “As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. The stolen information included “full name, home address, financial account information (including passwords, PINs, and access numbers), state and federal government-issued ID numbers and driver’s license numbers, ID cards, social security numbers, passport information, digital signatures, and information related to benefits and employment (health insurance claims and medical history),” Pepsi Bottling Ventures said. Incident discovered 18 days laterOn January 10, the company discovered that unauthorized activity was reported on certain internal IT systems. “Based on our preliminary investigation, an unknown party accessed those systems on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems,” the company said. The last known date of unauthorized IT system access was January 19. “We took prompt action to contain the incident and secure our systems. We reported the incident to law enforcement and are cooperating with their investigation,” the company said. The stolen personal information can be used for identity theft, financial fraud, misuse of medical information, and social engineering attacks. The incident report, however, does not specify the number of employees, suppliers, or customers whose personal information was stolen. The company has suspended all the affected systems and reset all company passwords following the incident. Pepsi Bottling Ventures is offering a year’s “free-of-cost” identity monitoring services through Kroll for affected individuals. The identity monitoring services include “Credit Monitoring, Current Credit Report, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Fraud Loss Reimbursement, Fraud Consultation, and Identity Theft Restoration,” the company said. Related content news analysis SEC rule for finance firms boosts disclosure requirements Amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers. By Evan Schuman May 17, 2024 5 mins Data Breach Financial Services Industry Data Privacy feature DDoS attacks: Definition, examples, and techniques Distributed denial of service (DDoS) attacks have been part of the criminal toolbox for over twenty years, and they’re only growing more prevalent and stronger. By Josh Fruhlinger May 17, 2024 10 mins DDoS Cyberattacks news FCC proposes BGP security measures Protecting the Border Gateway Protocol is as important as protecting the border. By Gyana Swain May 17, 2024 1 min Regulation Network Security news US AI experts targeted in cyberespionage campaign using SugarGh0st RAT Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence. By Lucian Constantin May 16, 2024 4 mins Phishing Data and Information Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe