Thought Leadership
The world’s largest Coca-Cola bottler, Coca-Cola Europacific Partners, has become the target of a hacker attack, according to darknet actors. The company’s Salesforce infrastructure is apparently affected.
Unknown perpetrators have published company data in a relevant dark web forum. The cybercriminals claim to have stolen over 64 GB of data with 23 million entries. The affected company, headquartered in the UK, operates 42 production sites worldwide and generated an annual turnover of more than 23 billion dollars in 2024. The hacker group claims to have already been responsible for the Samsung Germany attack, in which 270,000 customer records were compromised.
Salesforce platform in our sights
Security researchers from Cybernews have analyzed parts of the published data and confirmed its authenticity. The information covers the period from 2016 to 2025, with only a limited sample of the entire database available.
The compromised data probably originated from the beverage manufacturer’s Salesforce environment. The customer relationship management system is used to manage customer relationships. It remains unclear whether the attackers accessed the Salesforce instance directly or whether the systems of Coca-Cola Europacific Partners themselves were compromised.
The leaked information includes customer data and contact information, sales cases and product data, delivery addresses and telephone numbers as well as order numbers and summaries. Although the researchers classify the data leak as “not overly sensitive”, there are still considerable security risks. The information obtained could be misused for identity theft, phishing attacks or industrial espionage. Customer addresses enable various scams.
Beverage industry is a popular target
The beverage industry was recently hit by cyber attacks: The ransomware group “Ransom House” claims to have successfully attacked the Oettinger Brewery. The attackers claim to have been in possession of sensitive company data since April 19 and are threatening to publish it. “We are sure that you have no interest in your confidential data being leaked,” the cyber criminals write on their dark web page. The company had already confirmed the attack.
