Pepsi Bottling Ventures, a beverage company based in the United States, announced on Monday that it had experienced a data breach earlier this year. The breach, which was discovered in January, has potentially exposed sensitive information of its customers, including names, addresses, financial account details, government identification numbers, and health insurance information. The company has taken steps to mitigate the impact of the breach by contracting with Kroll, a cybersecurity firm, to provide identity monitoring services at no cost to those affected for at least one year.
Willy Leichter, the Vice President of Marketing at Cyware, expressed dismay at the long delay in discovering and responding to the breach. He emphasized the importance of quickly identifying indicators of compromise in order to limit the damage. Roy Akerman, the Co-Founder and CEO of Rezonate, highlighted the inherent value of personally identifiable information (PII) on the dark web. He noted that while credit card information and passwords can be replaced, an individual’s identity cannot. Identity data is highly sought after by cybercriminals and can have long-lasting consequences for victims.
In a separate incident, a US federal appeals court recently ruled that individuals whose data were abused due to a data breach have the legal standing to sue the entity that experienced the breach. This decision came after a plaintiff, Alexsis Webb, alleged that her data was stolen from Injured Workers Pharmacy (IWP) in 2021 and subsequently used to file a fraudulent tax return. The breach was not discovered until several months after it occurred, and customers were not notified until after a seven-month investigation. Webb claims to have experienced financial insecurity, anxiety, and fear as a result of the breach. Although it can be difficult for plaintiffs to prove a direct connection between a breach and the harm they suffered, the appeals court ruled in favor of Webb due to the clear misuse of her data.
Furthermore, the ripple effects of the MOVEit mass-hack continue to impact organizations. Two colleges in the US, Middlebury College in Vermont and Trinity College in Connecticut, have confirmed that the Teachers Insurance and Annuity Association of America (TIAA) was impacted in the hacking of the MOVEit file transfer application. TIAA, a nonprofit organization that provides financial services for academic employees, stated that it was not directly targeted in the hack but was affected by a breach at one of its third-party vendors. Social Security numbers and dates of birth were among the data shared with TIAA, impacting the annuity plans of these colleges. The MOVEit hack has affected at least 160 victims, with over 16 million individuals potentially affected.
Lastly, employees at Dublin Airport in Ireland were affected by a cyberattack targeting Aon, a global professional services firm. The attack, attributed to the wider MOVEit hack, compromised data related to the pay and benefits of two thousand airport staff. The Dublin Airport Authority (DAA) confirmed the breach and stated that it occurred as a result of the attack on Aon, a third-party service provider that used MOVEit as a file transfer tool.
These incidents underscore the persistent threat of data breaches and the potential consequences for individuals and organizations. The disclosure of personal and financial information can have far-reaching implications, including identity theft, financial fraud, and emotional distress. As cybercriminals continue to target sensitive data, organizations must remain vigilant in their efforts to protect customer information and respond swiftly to mitigate the impact of breaches.