On May 22, Hackread.com reported that the Everest ransomware group claimed responsibility for stealing data on 959 Coca-Cola employees in the Middle East. Another hacker group claimed to have stolen 23 million records from Coca-Cola Europacific Partners (CCEP). The Everest group leaked sensitive employee data on their dark web site and a Russian-language cybercrime forum. The leaked data includes full names, addresses, family certificates, copies of visas, passports, residency permits, phone numbers, banking details, salary records, and email addresses. The data also includes internal administrative account structures and HR mapping, increasing the cybersecurity risk for Coca-Cola and exposing employees to identity theft and financial fraud.
Source: https://hackread.com/everest-ransomware-leaks-coca-cola-employee-data/
TPRM report: https://scoringcyber.rankiteo.com/company/coca-cola-company
"id": "coc324052725",
"linkid": "coca-cola-company",
"type": "Ransomware",
"date": "5/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Beverage',
'location': ['UAE', 'Oman', 'Bahrain'],
'name': 'Coca-Cola Company',
'type': 'Corporation'},
{'industry': 'Beverage',
'name': 'Coca-Cola Europacific Partners (CCEP)',
'type': 'Corporation'}],
'attack_vector': 'Ransomware',
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Excel files', 'PDFs', 'Text files'],
'number_of_records_exposed': ['959', '23 million'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Employment Records',
'Administrative Data']},
'date_detected': '2023-05-22',
'date_publicly_disclosed': '2023-05-22',
'description': 'Everest ransomware group claimed responsibility for stealing '
'data on 959 Coca-Cola employees in the Middle East. Another '
'group claimed to have stolen 23 million records from '
'Coca-Cola Europacific Partners (CCEP). The Everest group '
'leaked sensitive employee data on their dark web leak site '
'and on the Russian-language cybercrime forum XSS.',
'impact': {'data_compromised': ['Full names of employees',
'Business and home addresses',
'Family and marriage certificates',
'Copies of visas, passports, residency '
'permits',
'Phone numbers, banking details, salary '
'records',
'Employee personal and business email '
'addresses',
'Internal administrative account structure '
'and assigned roles',
'Organizational hierarchy levels',
'Job titles and departmental details',
'Country-based manager structures',
'Employee usernames and full names',
'Reporting lines',
'HRBP assignments'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': True},
'motivation': 'Financial Gain',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Everest'},
'references': [{'date_accessed': '2023-05-22', 'source': 'Hackread.com'}],
'threat_actor': 'Everest Ransomware Group',
'title': 'Coca-Cola Data Breach by Everest Ransomware Group',
'type': 'Data Breach'}