US based soft drink company Coca-Cola’s IT system was hacked by Chinese hackers three years ago, but the company kept the cyber attack secret.
According to Bloomberg, the hack came when Coca-Cola was looking to acquire the China Huiyuan Juice for about $2.4bn in 2009.
Bloomberg claimed that the deal, which was collapsed three days after the cyber-attack, would have been the largest foreign takeover of a Chinese firm at the time.
According to an internal document, the hackers breached into the company’s files pilfered internal e-mails and accessed almost any Microsoft Windows server, work station or laptop on the network with full remote control.
Hackers sent an email to Coca-Cola’s deputy president for the Pacific region, Paul Etchells, which had a malicious link which installed keyloggers and other forms of malware when opened.
The US Securities and Exchange Commission (SEC) said Coca-Cola did not publicly disclose the attack.
AlienVault head of security lab Jaime Blasco said: "While the internal Coke report says the intruders were state-sponsored, the attributes of the hack, including the types of malware and techniques used, suggest they are part of Comment group, one of the most prolific hacking groups based in China. It’s very clear that Comment was behind it."
Data security company Imperva web researcher Tal Be’ery said: "This hack shows again that compromised insider attacks are a big deal as it foiled a $2bn business deal."
Jacob Olcott, a former cyber policy adviser to the US Congress was quoted by Bloomberg as saying that "Investors have no idea what is happening today."
"Companies currently provide little information about material events that occur on their networks," Olcott said.
Coca-Cola told the BBC in a statement: "Our company’s security team manages security risks in conjunction with the appropriate security and law enforcement organisations around the world."
"As a matter of practice, we do not comment on security matters," Coca-Cola said.