In a statement issued on July 3rd, Pepsi Bottling Ventures said that on January 10th it had learned that a breach of its internal systems dating back more than six months may have led to current and former employees and contractors’ data being stolen around December 23rd of last year.
The PepsiCo bottler said it had taken action to “contain the incident” but the incident may have led to the capture of employees’ data including:
- First and last names
- Parents’ maiden names
- Home address
- Email address
- Financial account information
- Passwords
- PIN codes
- Driver license #s
- ID card #s
- SSNs
- Passport info
- Digital signatures
- Information related to benefits and employment
- Limited medical history
- Health and health insurance claims
- Insurance policy numbers
“The safety of individual personal information is of the utmost importance to us. Pepsi Bottling Ventures promptly reported the incident to law enforcement, suspended all affected systems, and investigated to understand the scope and impact of the incident,” PBV said.
I’ll bit my tongue for a moment. Instead, I will turn this over to Willy Leichter, PV of Marketing, Cyware for commentary:
“Unfortunately, this type of long delay in discovering and acting upon a breach is all too common. But saying that they have “contained” the breach after not discovering it for six months stretches credulity. Indicators of compromise of breaches need to be discovered in hours or days for there to be any chance of limiting the damage.”
Roy Akerman, Co-Founder & CEO, Rezonate follows up with this:
“Unlike a credit card, username, password and other personally identifiable information (PII), an identity cannot be simply replaced and will be forever compromised and at risk. The highest paying intel on the dark web was and will continue to be PII and healthcare information. Identity data will therefore continue to be the number one target and the means which attackers leverage to compromise systems and organizations. “
Six months is a very long time to notify people of a data breach. That’s not cool. Pepsi Bottling Ventures needs to do much better on this front. And others should take note of how this was handled and not be Pepsi Bottling Ventures.
Related
This entry was posted on July 5, 2023 at 2:47 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Pepsi Bottling Discloses 6+ Month Old Breach Of Staff Data…. WTF???
In a statement issued on July 3rd, Pepsi Bottling Ventures said that on January 10th it had learned that a breach of its internal systems dating back more than six months may have led to current and former employees and contractors’ data being stolen around December 23rd of last year.
The PepsiCo bottler said it had taken action to “contain the incident” but the incident may have led to the capture of employees’ data including:
“The safety of individual personal information is of the utmost importance to us. Pepsi Bottling Ventures promptly reported the incident to law enforcement, suspended all affected systems, and investigated to understand the scope and impact of the incident,” PBV said.
I’ll bit my tongue for a moment. Instead, I will turn this over to Willy Leichter, PV of Marketing, Cyware for commentary:
“Unfortunately, this type of long delay in discovering and acting upon a breach is all too common. But saying that they have “contained” the breach after not discovering it for six months stretches credulity. Indicators of compromise of breaches need to be discovered in hours or days for there to be any chance of limiting the damage.”
Roy Akerman, Co-Founder & CEO, Rezonate follows up with this:
“Unlike a credit card, username, password and other personally identifiable information (PII), an identity cannot be simply replaced and will be forever compromised and at risk. The highest paying intel on the dark web was and will continue to be PII and healthcare information. Identity data will therefore continue to be the number one target and the means which attackers leverage to compromise systems and organizations. “
Six months is a very long time to notify people of a data breach. That’s not cool. Pepsi Bottling Ventures needs to do much better on this front. And others should take note of how this was handled and not be Pepsi Bottling Ventures.
Share this:
Like this:
Related
This entry was posted on July 5, 2023 at 2:47 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.