In a significant cybersecurity development, Coca-Cola has become the target of two separate hacking groups, Everest and Gehenna, each alleging successful breaches of the company’s systems. These incidents have raised concerns about the security of sensitive corporate and customer data.
Everest Ransomware Group’s Allegations
The Everest ransomware group, active since 2020, has claimed responsibility for infiltrating Coca-Cola’s internal systems, particularly those related to the company’s Middle East operations. According to statements on dark web forums, Everest asserts that they have exfiltrated confidential information, though specific details about the nature and volume of the data remain undisclosed. This group has a history of targeting high-profile organizations, including NASA and the Brazilian government.
Gehenna Hacking Group’s Claims
In a separate incident, the Gehenna hacking group alleges that they breached Coca-Cola Europacific Partners’ Salesforce database in early May 2025. They claim to have accessed over 23 million records spanning from 2016 to 2025, encompassing Salesforce accounts, contacts, product information, and customer cases containing sensitive customer relationship management (CRM) data. If substantiated, this breach could have significant implications for Coca-Cola’s operations in Europe and the Asia-Pacific region.
Historical Context of Coca-Cola’s Cybersecurity Challenges
These recent claims are not isolated incidents in Coca-Cola’s history. In 2018, the company disclosed a data breach affecting approximately 8,000 workers after a former employee was found in possession of company data on a personal hard drive. Additionally, in 2023, a Coca-Cola bottler reportedly paid $1.5 million to hackers to prevent the leak of certain stolen files. These events underscore the ongoing challenges the company faces in securing its data assets.
Timing and Credibility of Everest’s Claims
The timing of Everest’s claim is particularly noteworthy, as their own dark web leak site was defaced by unknown attackers in early April 2025. The site displayed a message reading, “Don’t do crime. CRIME IS BAD. xoxo from Prague,” before going offline. This incident raises questions about the group’s operational integrity and the veracity of their claims against Coca-Cola.
Implications for Coca-Cola Europacific Partners
Coca-Cola Europacific Partners, the largest bottler and distributor for Coca-Cola in Europe and the Asia-Pacific region, has been striving to become the world’s most digitized bottler. A breach of this magnitude could significantly impact their digital transformation efforts and expose sensitive business and customer data. The company has yet to confirm the alleged breach, leaving stakeholders in a state of uncertainty.
Official Responses and Recommendations
As of now, neither Coca-Cola nor Coca-Cola Europacific Partners has officially confirmed these breaches. Security analysts caution that ransomware groups often make exaggerated claims to pressure victims into paying ransoms. John Riggi from the American Hospital Association has previously commented on Everest’s tactics, noting their propensity for data extortion operations.
Customers and partners are advised to monitor official company communications for guidance on potential data exposure and recommended security measures. In the interim, it is prudent for individuals and organizations associated with Coca-Cola to remain vigilant, update their security protocols, and be cautious of any suspicious communications that may arise as a result of these alleged breaches.