Two well-known hacking groups have claimed responsibility for separate cyberattacks targeting Coca-Cola, raising serious concerns over the potential exposure of sensitive data involving millions of customers.
Everest and Gehenna Groups Claim Separate Breaches
The Everest ransomware group, active since 2020, claims it has accessed confidential internal data from Coca-Cola’s systems, particularly focusing on its Middle East operations. This group has previously targeted major institutions, including NASA and the Brazilian government.
In a separate attack, the Gehenna hacking group says it breached the Salesforce database of Coca-Cola Europacific Partners (CCEP) in early May 2025. The group alleges it stole more than 23 million records dating from 2016 to 2025. These records reportedly include Salesforce account data, contact lists, product details, and customer service cases.
History of Cybersecurity Incidents
This is not the first time Coca-Cola has faced cybersecurity threats. In 2023, a Coca-Cola bottler reportedly paid $1.5 million to prevent the leak of stolen data. Back in 2018, a breach affected around 8,000 employees after a former worker was found storing company data on a personal drive.
Unverified Claims and Ongoing Investigation
As of now, neither Coca-Cola nor Coca-Cola Europacific Partners has confirmed the breaches. Security experts warn that ransomware groups often exaggerate their claims to pressure victims into paying.
The timing of Everest’s statement has also raised questions. Earlier in April 2025, the group’s own leak site was defaced by unknown attackers, who left the message: “Don’t do crime. CRIME IS BAD xoxo from Prague” before the site went offline.
Potential Business Impact
Coca-Cola Europacific Partners, the largest bottler for Coca-Cola across Europe and Asia Pacific, has been investing heavily in digital transformation. A breach of this scale could significantly affect its reputation and ongoing modernization efforts.
“These kinds of groups often make bold claims to create fear and force negotiation,” said John Riggi of the American Hospital Association, who has analyzed Everest’s tactics in the past.
Customers and partners of Coca-Cola are advised to stay alert for official updates and follow any recommended security steps as investigations continue.
