View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 6, 2012

Coca-Cola’s IT system hit by cyber attack but was kept secret

A malicious link was emailed to Coca-Cola's deputy president Paul Etchells

By CBR Staff Writer

US based soft drink company Coca-Cola’s IT system was hacked by Chinese hackers three years ago, but the company kept the cyber attack secret.

According to Bloomberg, the hack came when Coca-Cola was looking to acquire the China Huiyuan Juice for about $2.4bn in 2009.

Bloomberg claimed that the deal, which was collapsed three days after the cyber-attack, would have been the largest foreign takeover of a Chinese firm at the time.

According to an internal document, the hackers breached into the company’s files pilfered internal e-mails and accessed almost any Microsoft Windows server, work station or laptop on the network with full remote control.

Hackers sent an email to Coca-Cola’s deputy president for the Pacific region, Paul Etchells, which had a malicious link which installed keyloggers and other forms of malware when opened.

The US Securities and Exchange Commission (SEC) said Coca-Cola did not publicly disclose the attack.

AlienVault head of security lab Jaime Blasco said: "While the internal Coke report says the intruders were state-sponsored, the attributes of the hack, including the types of malware and techniques used, suggest they are part of Comment group, one of the most prolific hacking groups based in China. It’s very clear that Comment was behind it."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Data security company Imperva web researcher Tal Be’ery said: "This hack shows again that compromised insider attacks are a big deal as it foiled a $2bn business deal."

Jacob Olcott, a former cyber policy adviser to the US Congress was quoted by Bloomberg as saying that "Investors have no idea what is happening today."

"Companies currently provide little information about material events that occur on their networks," Olcott said.

Coca-Cola told the BBC in a statement: "Our company’s security team manages security risks in conjunction with the appropriate security and law enforcement organisations around the world."

"As a matter of practice, we do not comment on security matters," Coca-Cola said.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.