Ransomware groups attacks Coca-Cola systems

Two notorious hacking groups have claimed responsibility for separate breaches of Coca-Cola systems. Neither Coca-Cola nor Coca-Cola Europacific Partners has officially confirmed these breaches as of May 23, 2025.

The Everest ransomware group, has allegedly exfiltrated sensitive internal and confidential information from Coca-Cola's systems. According to their claims on dark web forums, the compromised data appears to be primarily related to the Middle East operations.

In a separate and potentially more damaging incident, the Gehenna hacking group claims to have successfully breached Coca-Cola Europacific Partners' Salesforce dashboard in early May 2025. The group alleges they have exfiltrated over 23 million records spanning from 2016 to 2025.

Data reportedly exposed in the Gehenna attack includes:

• Salesforce accounts
• Contact information
• Product data
• Customer cases containing highly sensitive CRM-related information

This is not the first time Coca-Cola or its affiliates have faced cybersecurity challenges. In 2023, a Coca-Cola bottler reportedly paid $1.5 million to hackers to prevent the leak of certain stolen files. In 2018, the company disclosed a data breach affecting approximately 8,000 workers when a former employee was found in possession of company data on a personal hard drive.

Security analysts note that neither Coca-Cola nor Coca-Cola Europacific Partners has officially confirmed these breaches. The exact number of affected individuals beyond the claimed 23 million records is not disclosed.