In a significant cybersecurity incident that could affect millions of consumers, two notorious hacking groups have claimed responsibility for separate breaches of Coca-Cola systems.
According to posts on dark web forums, the Everest ransomware group has reportedly compromised internal and confidential information belonging to Coca-Cola, while the Gehenna hacking group claims to have breached Coca-Cola Europacific Partners’ Salesforce database earlier this month.
Dual Attacks Target Beverage Giant
The Everest ransomware group, active since 2020, has allegedly exfiltrated sensitive internal and confidential information from Coca-Cola’s systems.
According to the group's claims, the compromised data appears to relate primarily to Coca-Cola's Middle East operations.
This group has previously been linked to high-profile attacks on organizations including NASA and the Brazilian government.
In a separate but potentially more damaging incident, the Gehenna hacking group claims to have successfully breached Coca-Cola Europacific Partners’ Salesforce dashboard in early May 2025.
The group alleges they have exfiltrated over 23 million records spanning from 2016 to 2025, including Salesforce accounts, contacts, products, and customer cases containing highly sensitive CRM-related information.
This is not the first time Coca-Cola or its affiliates have faced cybersecurity challenges. In 2023, a Coca-Cola bottler reportedly paid $1.5 million to hackers to prevent the leak of certain stolen files.
In 2018, the company disclosed a data breach affecting approximately 8,000 workers when a former employee was found in possession of company data on a personal hard drive.
Timing Raises Questions About Everest Claims
The timing of the Everest group’s claim is notable because the group’s own dark web leak site was defaced by unknown attackers in early April 2025.
Security researchers noted the site was replaced with a message reading “Don’t do crime CRIME IS BAD xoxo from Prague” before going offline completely.
Coca-Cola Europacific Partners, the largest bottler and distributor for Coca-Cola in Europe and the Asia Pacific region, has been working toward becoming “the world’s most digitized bottler”.
A breach of this magnitude could significantly impact their digital transformation efforts and expose sensitive business and customer data.
Security analysts note that neither Coca-Cola nor Coca-Cola Europacific Partners has officially confirmed these breaches.
The Everest group is known to engage in data extortion operations and has increasingly targeted various sectors since 2021.
“Ransomware groups often make exaggerated claims to pressure victims into paying ransoms,” said John Riggi from the American Hospital Association, who has previously commented on Everest’s tactics.
Coca-Cola has not issued an official statement regarding these alleged breaches as of press time. Coca-Cola customers and partners are advised to monitor official company communications for guidance on potential data exposure and recommended security measures.