Pepsi Bottling Ventures LLC experienced a data breach caused by information-stealing malware. The organization is the largest bottler of Pepsi-Cola beverages in the US, in charge of producing, marketing, and distributing well-known consumer brands. It runs 18 bottling facilities in Virginia, Delaware, North and South Carolina, and Maryland. The company explained that the breach happened on December 23, 2022, in a sample security incident notice submitted to Montana’s Attorney General’s office. However, it was discovered on January 10, 2023, or 18 days later, and remediation took even longer. “Based on our preliminary investigation, an unknown party accessed [our internal IT systems] on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems. We took prompt action to contain the incident and secure our systems. While we are continuing to monitor our systems for unauthorized activity, the last known date of unauthorized IT system access was January 19, 2023,” reads the notice. According to the initial report of Pepsi’s internal investigation, the following data has been affected: names, ID cards, State and Federal government-issued ID numbers, driver’s licenses, home addresses, financial accounts (including passwords, PINs, and access numbers), Social Security Numbers (SSNs), passports, digital signatures, and information related to employee benefits.