Coca-Cola Europacific Partners targeted in major data breach

Coca-Cola Europacific Partners (CCEP), the world’s largest bottler of Coca-Cola products, has reportedly been the victim of a significant cyberattack, according to postings on a prominent dark web forum. The hackers claim to have accessed the company’s Salesforce customer relationship management (CRM) system, compromising more than 64 gigabytes of data containing approximately 23 million records.

The attackers allege that the breach yielded a broad range of information, including customer contact details, sales records, product data, delivery addresses, telephone numbers, order identifiers, and summary reports. While the full scope of the breach is still under investigation, the published samples span data collected between 2016 and 2025.

CCEP, headquartered in the United Kingdom, operates 42 production facilities across multiple continents and reported revenue exceeding $23 billion in 2024. The company has not yet issued a public statement regarding the incident.

Cybersecurity analysts from Cybernews reviewed portions of the leaked data and confirmed its authenticity. Although the breach appears to involve standard CRM data, experts warn of potential misuse. The information, while not classified as highly sensitive, could still be exploited for phishing attacks, identity theft, or corporate espionage. Fraud schemes using stolen customer addresses also remain a concern.

It is currently unclear whether the attackers directly infiltrated the company’s Salesforce instance or accessed the data through compromised internal systems. The threat actors behind the breach have claimed responsibility for a previous cyberattack on Samsung Germany, in which 270,000 customer records were exposed.

This incident is part of a broader trend of cyberattacks targeting the beverage industry. In a separate case, the ransomware group known as Ransom House recently claimed to have breached the Oettinger Brewery. According to their statement on a dark web platform, they have possessed confidential company data since April 19 and are threatening to release it unless their demands are met. The brewery has acknowledged the attack.