Coca-Cola ignores ransom demand, hackers dump employee data


After an alleged ransomware attack, hackers have publicly released Coca-Cola’s internal data.

Coca-Cola’s name showed up on a dark web leak site run by the Everest ransomware gang on May 22nd. The hackers claimed they’d swiped personal data from 959 employees, most tied to Coca-Cola’s Middle East distributor.

Everest gave the company five days to contact them and make a deal before they dumped the data. Ransomware gangs often use such tactics to pressure victims into paying a ransom.

On May 27th, as time ran out, the cartel posted a link to the full stolen dataset. Cybernews researchers investigated the leak and found 1,104 files, including passport scans, visa copies, and IDs, most linked to employees in Bahrain and the UAE.

A screenshot of the leaked document shows Coca-Cola employee data. Source: Cybernews

Leaked Coca-Cola employee data: What was exposed?

  • Personal numbers
  • Full names
  • Dates of birth
  • Nationalities
  • ID or passport issue and expiry dates
  • Residential addresses
  • Occupations
  • ID or passport numbers
  • Sponsor numbers

Leaking sensitive personal information, like passport numbers, visa details, and residential addresses, puts the affected individuals at serious risk. Once this kind of data hits the dark web, it’s likely to be exploited for identity theft, credit card fraud, tax scams, credential harvesting, and even highly targeted spear-phishing attacks.

Attackers could use sophisticated social engineering tactics, posing as HR or IT staff to lure employees onto fake internal portals and harvest credentials. In some cases, they could trick staff into installing malware disguised as routine updates or remote access tools, giving hackers a direct line into corporate systems.

“The exposure of personal documents, such as IDs and Passports, poses a serious identity theft and fraud risk to affected employees,” said the Cybernews research team.

“They could suffer from credit card and loan fraud, tax fraud, more personalised social engineering attacks, and account takeover,” the research team adds.

A breach of this scale could trigger regulatory investigations under local data protection laws. The company may face hefty fines, legal battles, and lasting reputational damage.

Cybernews has contacted Coca-Cola but has not received a response at the time of writing.

Second Coca-Cola data breach in one week

This isn’t the first time Coca-Cola’s data has been claimed by cybercriminals. Just days before, reports surfaced of an alleged data breach at Coca-Cola Europacific Partners, the world’s largest Coke bottler.

Attackers on a known cybercriminal forum claimed to be selling 64 gigabytes of data, allegedly pulled from Salesforce, the popular CRM platform.

It’s likely they didn’t breach Coca-Cola Europacific Partners directly. Instead, they may have slipped in through a compromised Salesforce account.

The crew behind the alleged breach says they're the same hackers who hit Samsung Germany earlier this year, an attack that leaked 270,000 customer support tickets.

What is Everest Group ransomware?

The Everest ransomware crew, allegedly tied to the Russia-linked BlackByte cartel, has been making moves since mid-2021.

The gang was also behind the October 2022 attack on AT&T, offering alleged access to the entire AT&T corporate network. According to Cybernews’ dark web tracker Ransomlooker, the gang has listed 248 victims since 2023.