A ransomware attack attributed to the Everest group has reportedly breached the Coca-Cola Company, exposing sensitive internal information. The incident was publicly disclosed by the Everest group on May 22, 2025, via a post on its darknet leak site. This attack particularly targeted the Coca-Cola Company rather than just its bottlers or affiliates, indicating its potentially broader implications for the global beverage giant.
While the scale of the data exfiltrated remains unverified, Everest claims to have extracted significant amounts of sensitive information, notably related to Coca-Cola’s operations in the Middle East. The compromised materials are alleged to include internal documents and possibly insider communications, raising concerns about the potential risk of further leaks. The particular type of records remains unclear; they may encompass corporate documents, emails, or strategic discussions affecting company operations. Similar to the recent Change Healthcare breach, unauthorized access often stems from compromised employee credentials.
The Everest ransomware group has been active since 2020, previously linked to high-profile attacks against organizations like NASA and the Brazilian government. Known for their audacious approach to data theft and ransom demands, they utilize dark web platforms to publicize their assaults. This recent attack on Coca-Cola reflects their ongoing pattern of targeting major corporations in aims of financial gain through extortion. Additionally, analysts have noted that Coca-Cola could face challenges due to the potential implications of this sensitive data breach. Furthermore, understanding indicates the company itself was not compromised, creating complicated scenarios for Coca-Cola’s response strategy.
Despite the serious nature of the claims, Coca-Cola has not issued any official confirmation regarding the breach or the attack. As of now, no public statement has emerged acknowledging Everest’s assertions. The same company’s stock price remained unaffected immediately following the breach report, though analysts and cybersecurity experts continue to evaluate the implications of the situation.
In the context of previous cybersecurity challenges, this incident follows a notable 2023 breach affecting a Coca-Cola bottler, which resulted in a $1.5 million ransom payment. The ongoing assault on Coca-Cola highlights the necessity for strong cybersecurity protocols among multinational corporations, particularly in industries like manufacturing and beverages, which are increasingly vulnerable to sophisticated cyberattacks.
