back to article Pepsi Bottling Ventures says info-stealing malware swiped sensitive data

Crooks have breached Pepsi Bottling Ventures' network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers. The breach happened on or around December 23, 2022. However, Pepsi Bottling Ventures – America's largest manufacturer and …

  1. Wally Dug
    FAIL

    Prompt Action?

    The breach happened on or around December 23, 2022... didn't discover the unauthorized activity until January 10... "We took prompt action to contain the incident and secure our systems"... "...the last known date of unauthorized IT system access was January 19"

    So, their "prompt action" was to allow the miscreants systems access for a further 9 days? Maybe I'm being a bit harsh here and maybe they were, with the potential help of law enforcement, trying to track down the baddies with a view to potential criminal charges - or perhaps gleaning intel - but doesn't 9 days unauthorised known activity seem a bit excessive?

    1. Alumoi Silver badge

      Re: Prompt Action?

      No, no, no. They took 9 days to sanitize their systems in case law enforcement was going to take a peek into their database.

    2. Strahd Ivarius Silver badge
      Facepalm

      Re: Prompt Action?

      You can expect that it is a "freeze" period where no action is allowed in infrastructure while the end-of-year activities for accounting are completed.

      And beancounters won't be stopped just because of a small security issue...

    3. IGotOut Silver badge

      Re: Prompt Action?

      "but doesn't 9 days unauthorised known activity seem a bit excessive?"

      It takes time to hire the right lawyers and marketing team.

      And those boiler plate "We take security...." messages don't just write themselves....copy and paste takes time.

  2. jvf

    why now?

    “It also has "taken a number of steps" to boost its network security in light of the breach” Why do all these companies wait until the horse is out of the barn to try and close the door? You’d think EVERY company would have installed extra locks and a few good watchmen by now. O yeah, that costs $$$$

  3. An_Old_Dog Silver badge

    Restoring Confidence

    If Pepsi BV wants to "restore confidence" in it, they should do what Ernie Ball (U.S. guitar string maker) did. (https://www.cnet.com/tech/tech-industry/rockin-on-without-microsoft/). A Linux desktop is not necessarily "more secure" than a Microsoft Windows desktop, but a character-based terminal or X terminal is less-susceptible to "end-user tries to install what turns out to be trojan-infected software"-type errors. Linux servers are administered by techies who, probably are wiser and more-careful about that than Joe End User.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like