Coca-Cola data breach exposes company employees - hackers


Nearly a thousand of the soft drink maker’s employees had their details exposed alongside confidential internal documents, the ransomware gang behind the alleged breach claims.

Coca-Cola's name appeared on a dark web leak site used by the Everest ransomware cartel. While the post is scarce on actual details, the attackers included several screenshots of the supposedly stolen information.

Data samples show employee identification details as well as some company documents, which resemble details that human resources departments would have, such as salary levels.

We have reached out to Coca-Cola for comment and will update the article once we receive a reply.

Coca-Cola listed on attacker forum. Image by Cybernews.

The data sample the attackers provided suggests that personally identifiable information (PII) may have been exposed. Moreover, the documents involved suggest that Coca-Cola’s Middle East distributor was impacted by the attack.

If confirmed, the breach would endanger the individuals affected.

Attackers could utilize the stolen data for identity theft, financial fraud, or targeted phishing attacks. For example, threat actors could craft convincing emails and messages, impersonating Coca-Cola with the intent to lure additional details from unsuspecting victims.

The Everest ransomware gang is believed to be connected to the Black-Byte ransomware operations, a ransomware-as-a-service (RaaS) with links to Russia, and likely first emerged in July 2021.

The gang was behind the October 2022 attack on AT&T, offering up alleged access to the entire AT&T corporate network. Everest had been observed exploiting compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement.

According to Cybernews’ dark web tracker Ransomlooker, the gang has victimized at least 91 organizations over the last 12 months.