Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its computer systems.

Pepsi Bottling Ventures is the largest bottler of Pepsi-Cola beverages in the United States, responsible for the manufacture, sale and distribution of popular consumer brands. It operates 18 bottling facilities in North and South Carolina, Virginia, Maryland and Delaware.

27 day exposure window

In a sample security incident notice filed with the Montana Attorney General’s office, the company explains that the breach happened on December 23, 2022. But that’s not until January 10, 2023, or 18 days later that it was discovered, the resolution taking even longer. .

“Based on our preliminary investigation, an unknown person accessed [our internal IT systems] on or around December 23, 2022, installed malware and downloaded certain information contained on the accessed computer systems, ” read the note.

“We took prompt action to contain the incident and secure our systems. While we continue to monitor our systems for unauthorized activity, the last known date of unauthorized computer system access was January 19, 2023. “

Based on the results of Pepsi’s internal investigation to date, the following information has been impacted:

• Full name
• Home Address
• Financial account information (including passwords, PINs, and access numbers)
• State and Federal Issued Identification Numbers and Driver’s License Numbers
• Identity cards
• Social Security Numbers (SSN)
• Passport information
• Digital signatures
• Benefits and employment information (health insurance claims and medical history)

In response to this incident, the company implemented additional network security measures, reset all company passwords, and notified law enforcement authorities.

At this time, the review of potentially affected files and systems is still ongoing, while all affected systems have been suspended from regular business operations.

Recipients of breach notices are offered a one-year free identity monitoring service through Kroll to help prevent identity theft that may occur as a result of data theft.

It remains unclear how many people were affected by the data breach and whether the affected parties include customers or employees.

BleepingComputer has contacted Pepsi Bottling Ventures to request more details about the attack and the scope of the impact, and we’ll update this post as soon as we hear back.