Week 6: Pepsi Bottling Ventures suffers data breach after malware attack

Pepsi Bottling Ventures LLC is one of the largest beverages company in the US and has 18 bottling operations.  The company became the victim of network intrusion, leading to a data breach. The information-stealing malware was installed and was able to extract data from the IT systems. 

Unfortunately, the breach was only discovered on January 10th 2023 as there was a trace of access from an unknown party who had downloaded information from the system. This breach was discovered 18 days after the malware infiltration, and the malware remediation took a long time.  The data was exposed for a period of 27 days. Numerous sensitive pieces of information were stolen such as full names, home addresses, financial account information, SSNs, and so on. 

In order to countermeasure this breach, the company decided to reset all company passwords, notified law enforcement, and reinforced network security. In addition, the company compromised systems were suspended in order to assess the damage. The victims were offered Kroll for one year; this service will monitor identity theft-related problems.

This data breach shows how difficult it is to detect malware and how a remediation process will take time in case of infiltration. The article also highlights the aftermath of it, which results in constant monitoring of the victim's personal information. 

Reference:

https://www.bleepingcomputer.com/news/security/pepsi-bottling-ventures-suffers-data-breach-after-malware-attack/