Refresco Beverages US Inc.

The California Office of the Attorney General disclosed a data breach affecting Refresco Beverages US Inc. in November 2023, initially detected on May 14, 2023. The incident involved unauthorized access to personal information of current and former employees, exposing personally identifiable information (PII) and personal health information (PHI). The exact number of impacted individuals remains undisclosed, but the breach poses significant risks due to the sensitivity of the compromised data. Employee records, including financial, identity, and health-related details, may have been exposed, increasing vulnerabilities to identity theft, fraud, or targeted phishing attacks. The breach underscores critical gaps in data protection measures, particularly concerning internal workforce data, which could lead to regulatory scrutiny, reputational harm, and potential legal liabilities for the company.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-576341

TPRM report: https://www.rankiteo.com/company/refresco

"id": "ref040090625",
"linkid": "refresco",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Beverage Manufacturing',
                        'location': 'United States (California)',
                        'name': 'Refresco Beverages US Inc.',
                        'type': 'Corporation'}],
 'data_breach': {'data_exfiltration': 'Potential (unauthorized access '
                                      'reported)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (includes PHI)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Personal Health Information '
                                              '(PHI)']},
 'date_detected': '2023-05-14',
 'date_publicly_disclosed': '2023-11-09',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Refresco Beverages US Inc. on November 9, '
                '2023. The breach was detected on May 14, 2023, and '
                'potentially involved unauthorized access to personal '
                'information of current and former employees, including '
                'personally identifiable information (PII) and personal health '
                'information (PHI). The specific number of individuals '
                'affected is unknown.',
 'impact': {'data_compromised': ['Personally Identifiable Information (PII)',
                                 'Personal Health Information (PHI)'],
            'identity_theft_risk': 'Potential (PII and PHI exposed)'},
 'initial_access_broker': {'high_value_targets': ['Employee PII',
                                                  'Employee PHI']},
 'investigation_status': 'Ongoing (as of disclosure date)',
 'references': [{'date_accessed': '2023-11-09',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (PHI '
                                                    'exposure)',
                                                    'California Consumer '
                                                    'Privacy Act (CCPA)'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Public disclosure via California '
                                        'Office of the Attorney General'},
 'title': 'Data Breach at Refresco Beverages US Inc.',
 'type': 'Data Breach'}