Coca-Cola and its bottling partner, Coca-Cola Europacific Partners (CCEP), are facing separate cyberattack claims from two distinct threat groups. The Everest ransomware gang claims to have breached Coca-Cola’s systems, leaking personal information of 959 employees, including visa and passport scans, salary data, and other HR-related records. The Gehenna hacking group claims to have breached CCEP’s Salesforce dashboard, exfiltrating over 23 million records containing sensitive CRM data, including account records, customer service cases, contact entries, and product records.
Source: https://hackread.com/coca-cola-bottling-partner-ransomware-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/coca-cola
"id": "coc315052325",
"linkid": "coca-cola",
"type": "Ransomware",
"date": "5/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': None,
'industry': 'Beverage',
'location': 'Middle East, Dubai',
'name': 'Coca-Cola',
'size': None,
'type': 'Company'},
{'customers_affected': None,
'industry': 'Beverage',
'location': None,
'name': 'Coca-Cola Europacific Partners (CCEP)',
'size': None,
'type': 'Company'}],
'attack_vector': ['Credential Harvesting',
'Targeting Active Directory',
'Exfiltration from Salesforce'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Visa and Passport Scans',
'Salary Data',
'HR Records',
'Salesforce Records'],
'number_of_records_exposed': 23000000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['PII', 'CRM Data']},
'description': 'Coca-Cola and its bottling partner, Coca-Cola Europacific '
'Partners (CCEP), are facing separate cyberattack claims from '
'two distinct threat groups. The Everest ransomware gang says '
'it has breached Coca-Cola’s systems, while another group '
'named Gehenna (aka GHNA) is offering what it claims is a '
'massive database stolen from CCEP’s Salesforce environment.',
'impact': {'data_compromised': ['Employee PII', 'Customer CRM Data'],
'systems_affected': ['Internal Documents', 'Salesforce Dashboard']},
'initial_access_broker': {'data_sold_on_dark_web': True},
'motivation': 'Financial Gain',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Everest'},
'recommendations': ['Prioritize integrating SaaS logs into SIEM',
'Build detections for suspicious behaviour'],
'references': [{'date_accessed': None, 'source': 'Hackread.com', 'url': None}],
'threat_actor': ['Everest Ransomware Gang', 'Gehenna (GHNA)'],
'title': 'Cyberattacks on Coca-Cola and Coca-Cola Europacific Partners',
'type': 'Data Breach, Ransomware'}