An independent bottling firm, Pepsi Bottling Ventures, has confirmed that a data breach has affected more than 28,000 individuals.
Uncovered on January 10, the data breach, which occurred between December 23, 2022, and January 19, 2023, allowed unauthorized access to the personal, financial, and health records of the company’s employees.
On February 10, Pepsi Bottling Ventures initiated notifications to the affected individuals, indicating that unauthorized persons had accessed some systems containing their personal information. However, the company did not initially disclose the extent of the breach.
In a recent public statement concerning the incident, Pepsi Bottling Ventures notified the Maine Attorney General’s Office that unauthorized users had gained access to the personal data of over 28,000 individuals.
The compromised information, according to the company, encompasses names, addresses, email addresses, financial account data, ID numbers, driver’s license numbers, Social Security numbers, digital signatures, medical history information, and health insurance data.
The stolen data, the firm clarifies, belongs to present and past employees as well as contractors.
To enhance the security of its network, Pepsi Bottling Ventures has instigated a company-wide password reset to safeguard all employee and partner accounts within its network.
“We urge you to promptly change your username(s), password(s), and security question answer(s) for any accounts or account information you maintain with Pepsi Bottling Ventures,” the company advised the impacted individuals.
While the company reports that it has no knowledge of the compromised data being exploited, such data is frequently traded or circulated on illicit cybercrime platforms and subsequently used in phishing and other forms of cyberattacks.