In May 2025, Coca-Cola suffered a data breach – and not one, but two within days! These breaches exposed sensitive employee information and millions of internal Salesforce records, highlighting critical vulnerabilities in Coca-Cola’s security ecosystem. This incident serves as a stark reminder of the growing threat of sophisticated cybercriminals targeting multinational corporations.
Everest Ransomware Targets Employee Information
The first major Coca-Cola data breach occurred on May 22, 2025, when the Everest ransomware group published personal data stolen from Coca-Cola’s Middle East distributor. The leaked information included ID and passport numbers, addresses, names, and other identifying information, belonging to 959 employees.
After a five-day ultimatum with no response from Coca-Cola, Everest released the full dataset on May 27, making this breach particularly concerning for the affected individuals. Such sensitive data can be exploited for identity theft, social engineering, and other malicious activities.
Gehenna Group Targets Coca-Cola Europacific Partners
Shortly after, another breach was reported involving the company’s bottling partner, Coca-Cola Europacific Partners (CCEP). The Gehenna hacking group claimed responsibility for infiltrating CCEP’s Salesforce environment, exfiltrating over 23 million records dating back to 2016.
The stolen data includes customer service cases, account information, contact records, and product details. They were partially posted on a public data breach forum. This attack raises serious concerns about the security of cloud-based CRM platforms used by Coca-Cola and its affiliates.
Risks and Consequences
The dual Coca-Cola data breach incidents expose the company and its employees to numerous risks, including:
- Identity theft and fraud from stolen employee documents
- Targeted phishing and social engineering attacks
- Potential loss of customer trust due to CRM data exposure
- Increased scrutiny from regulators over data protection practices
These breaches emphasize the need for stringent cybersecurity measures, especially when third-party vendors and cloud systems are involved.
Coca-Cola’s Response
As the Coca-Cola data breach investigation continues, the company has yet to release a detailed public statement. It is expected that Coca-Cola will notify affected parties and strengthen its security protocols to prevent future incidents.
Lessons from the Coca-Cola Data Breach
The leak highlights key lessons for other global companies:
- Conduct thorough security assessments of vendors and distributors
- Implement strong access controls and encryption for cloud platforms like Salesforce
- Invest in real-time monitoring and rapid incident response teams
- Educate employees on cybersecurity best practices
Final Thoughts
The recent Coca-Cola data breach serves as a critical warning about the vulnerabilities facing multinational corporations today. Cybercriminals are increasingly targeting large organizations through multiple attack vectors. To protect sensitive data and maintain trust, companies must prioritize cybersecurity as a top business imperative.
