Pepsi Bottling Ventures (PBV) has revealed a breach of its systems dating back more than six months that may have led to staff data being stolen.
In a statement issued yesterday (3 July), PBV said on 10 January it had “learned that unauthorised activity was reported on certain internal IT systems”.
The PepsiCo bottler said it had taken action to “contain the incident” but noted that an unknown party had accessed and downloaded data “on or around” 23 December last year.
PBV, based in Raleigh in North Carolina, said the breach “may have involved some personal information provided by current and former employees and contractors”.
It said the incident may have led to the capture of information such as employees’ home addresses and bank account material, including “a limited number” of passwords and PIN codes. The potential haul may also have included worker social security numbers, passport information and medical details.
“The safety of individual personal information is of the utmost importance to us. Pepsi Bottling Ventures promptly reported the incident to law enforcement, suspended all affected systems, and investigated to understand the scope and impact of the incident. At this time, we are not aware of any identity theft or fraud involving an individual’s personal information,” PBV said.
The bottler has hired Kroll, a cyber and financial security service, to monitor employees’ financial and public identities for one year “at no cost”. PBV has advised its employees to “promptly change” any security information that may have been held by the company.
PBV is North America’s largest privately-held bottler and distributor of PepsiCo’s beverage brands. It has 19 facilities located across the US.
In April, the Mexico-headquartered Coca-Cola FEMSA confirmed it had experienced a cyber security incident but did not disclose if any of its operations had been impacted or if any sensitive data belonging to the company or its customers had been stolen.
