On May 22, a significant cybersecurity breach was reported by Hackread.com, revealing that the Everest ransomware group has leaked sensitive employee data of 959 Coca-Cola employees across the Middle East, specifically in the UAE, Oman, and Bahrain. This incident follows another alarming claim from a different hacker group, stating that they have stolen an astonishing 23 million records from Coca-Cola Europacific Partners (CCEP).
The leaked data was made available on Everest’s dark web site and on the notorious Russian-language cybercrime forum XSS, marking a serious breach of personal privacy and corporate security. The data dump, which spans 502 MB, includes 1,104 files containing sensitive information such as full names, addresses, family and marriage certificates, official documents including visas and passports, phone numbers, banking details, and employee email addresses.
Among the most alarming documents included in the leak is an Excel file named SuperAdmin_User_Account_Cocacola, which outlines Coca-Cola’s internal administrative account structure, highlighting critical roles such as system administrators and human resources personnel. Although the file does not contain direct access credentials, the information could facilitate targeted spear-phishing attacks and social engineering schemes.
The exposure of this data showcases the increasing cybersecurity risks facing corporations like Coca-Cola. While it remains uncertain whether Coca-Cola engaged in any ransom negotiations with the Everest group, the potential for identity theft and financial fraud is now a pressing concern for the affected employees. The company has not issued a public statement regarding the breach, but the incident underscores the persistent threat posed by ransomware actors and the potential impact on both corporate systems and personal lives.