Coca-Cola hacked: secret exposed three years later

Coca-Cola learned some disquieting news March 15, 2009. FBI officials alerted executives of the multi-billion dollar corporation that they had been hacked, according to a Bloomberg report.

Cyberattacks on Coca-Cola’s computer systems allowed infiltrators access to sensitive files about the company’s possible $2.4 billion acquisition of China Huiyuan Juice Group, Bloomberg reported with backing from a Coca-Cola internal company document.

The Huiyuan deal fell apart within days.

The immense cyberattack was made possible because Paul Etchells, deputy president of the Coca-Cola Pacific Group, received a skillfully targeted email in which the subject read, “Save power is save money! (from CEO).” After clicking the malicious link thought to be from the company’s chief executive officer, malware was uploaded onto his system, allowing the Chinese hackers access to Etchells’ entire cache, according to the internal report. Hackers soon after used Etchells’ computer as a base point to store and download data from any computer in the corporate network.

Coca-Cola has pinned the intruders as state-sponsored, according to AlienVault, preventing what would have been the largest foreign takeover of a Chinese company at the time. The hackers were part of Comment group, a high-impact China-based hacking collective.

James Lewis, from the Center for Strategic and International Studies in Washington, told Bloomberg that companies who do business in China to expect “hackers will go after their most confidential files.” Lewis added, “This has been a part of their plan to catch up to the West. You steal their technology, you steal their business secrets.”

How and why did the company manage to keep this breach of security a secret for the last 3 years? No matter the size, a breach in security can cause a lot of harm to the status of a company, sometimes completely destroying all credibility. This taboo incidence is not exactly something many enterprises want to publicize for fear of damaged reputation or worse, damaged stock prices.

And Coca-Cola is not the only victim of cyber intrusion on big business deals, from mergers and acquisitions to joint ventures and supply agreements. According to Bloomberg, hacks of similar nature have also affected U.K. energy firm BG Group Plc, Luxembourg steelmaker ArcelorMittal and U.S. company Chesapeake Energy. The hacks demonstrate a trend for corporate hacks involving highly sensitive and highly expensive business arrangements.

Coca-Cola did not even know it had been under attack until the day the FBI came and told them the problem. Unfortunately for many other companies, especially smaller firms, the FBI is not always there to deliver the news.

In a speech in October, U.K. Foreign Secretary William Hague said “If these attacks are left unchecked, they could have a devastating impact on the future earning potential of any major companies and the economic well-being of countries.”

This is where Tiro Security aims to make an impact by not only supplying companies with the best information security specialists, but also raising awareness of the importance of information security to businesses of all sizes.

Whether your business needs full-time IT Security staff or contractors, or you wish to have smaller projects done externally, come to Tiro Security, a leading IT Security staffing and solutions firm in Los Angeles.

Posted in