Hackread reports that Coca-Cola had information from 959 of its employees across the Middle East exposed by the Everest ransomware operation, which had claimed responsibility for attacking the firm days prior.
Included in the 502 MB data dump revealed by Everest was a folder with 1,104 files containing employees' full names, home and business addresses, phone numbers, personal and business email addresses, banking information, salary records, and family and marriage certificates, as well as copies of their passports, visas, and residency permits. Further analysis of the exposed folder showed the inclusion of the "SuperAdmin_User_Account_Cocacola" Excel file detailing the internal admin account structure and assigned roles within Coca-Cola; the "Emp Hierarchy Upload" file that includes hierarchy levels within the organization, country-based manager structures, job titles, reporting lines, and employees' full names and usernames; and the "HRBP Upload" file that contains assignments for the firm's HR Business Partner, according to Cybernews researchers, who cautioned about the increased risk of spear-phishing attacks and social engineering intrusions that could stem from the leaked data.
Included in the 502 MB data dump revealed by Everest was a folder with 1,104 files containing employees' full names, home and business addresses, phone numbers, personal and business email addresses, banking information, salary records, and family and marriage certificates, as well as copies of their passports, visas, and residency permits. Further analysis of the exposed folder showed the inclusion of the "SuperAdmin_User_Account_Cocacola" Excel file detailing the internal admin account structure and assigned roles within Coca-Cola; the "Emp Hierarchy Upload" file that includes hierarchy levels within the organization, country-based manager structures, job titles, reporting lines, and employees' full names and usernames; and the "HRBP Upload" file that contains assignments for the firm's HR Business Partner, according to Cybernews researchers, who cautioned about the increased risk of spear-phishing attacks and social engineering intrusions that could stem from the leaked data.
