The Everest ransomware group has leaked Coca-Cola employee data online in a major breach. Hackread.com recently confirmed this significant data leak impacting the global beverage company. The sensitive data was posted on Everest’s dark web leak site for public access. It also appeared on the notorious Russian-language XSS cybercrime online discussion forum. The group released a 502 MB data dump containing many internal company files. This dump exposes Coca-Cola’s Middle East-specific internal records and also employee information. The leaked folder itself contains a total of 1,104 different confidential files. On May 22 Everest first claimed it stole data from 959 Coca-Cola employees. Those employees were specifically located in the Middle East region including UAE and Oman.
The leaked files unfortunately contain a very wide array of sensitive employee information.
This includes employees’ full names making them easily identifiable to malicious actors. Both their business addresses and also their private home addresses were unfortunately exposed. Personal family details and official marriage certificates were also included in the data. Copies of employee visas passports and official residency permits were also found leaked. Personal and business phone numbers of employees were contained within the stolen files. Employee banking details and also their private salary records were part of this leak. Both personal email addresses and also official business email addresses were compromised. This extensive data specifically relates to Coca-Cola’s Middle East regional company operations.
One exposed Excel file was titled SuperAdmin_User_Account_Cocacola which detailed admin accounts. It outlines Coca-Cola’s internal administrative account user structure and also assigned system roles. While it does not include passwords it shows accounts holding critical system permissions. This information provides a very useful internal map for other potential threat actors. Another important file Emp Hierarchy Upload lists details of organizational hierarchy levels. It contains employee job titles departmental details and also country-based manager structures. Employee usernames their full names and also their reporting lines are clearly shown. A third file HRBP Upload contains detailed data on HR Business Partner assignments. This includes departmental functions employee IDs and also assigned HRBP names and IDs.
This combination of leaked data significantly increases Coca-Cola’s overall cybersecurity risk profile.
Such very detailed information can effectively aid cybercriminals in several different malicious ways. This includes highly targeted spear-phishing attacks against specific company individuals or departments. Also possible are social engineering schemes impersonating executives managers or Human Resources personnel. Phone-based scams and also credential harvesting attacks are now much more likely too. Attackers can also map internal systems for future breaches or escalate their privileges. The exposure of passports visas and banking details presents direct personal employee risks. This could lead to identity theft financial fraud or other cross-border privacy concerns. It remains currently unclear whether Coca-Cola engaged in any ransom payment negotiations. Companies often withhold such sensitive information while official investigations are still ongoing.
Reference:
