BBC News

Coca-Cola 'targeted' by China in hack ahead of acquisition attempt

image captionCompanies are encouraged

Chinese hackers have been blamed for infiltrating confidential systems within Coca-Cola for more than a month, Bloomberg has reported.

The fizzy drink firm was breached in 2009 when a malicious link was emailed to a senior executive.

Hackers were able to spend a month operating undetected, logging commercially sensitive information.

The US Securities and Exchange Commission (SEC) said Coca-Cola did not publicly disclose the attack.

Last year the SEC outlined guidelines for companies who had been hit by cyber-attacks, saying that transparency on the issue was in the interest of investors and other stakeholders.

However, companies have so far been reluctant to do so - fearing for reputational loss and negative impact on stock price.

"Investors have no idea what is happening today," Jacob Olcott, a former cyber policy adviser to the US Congress told the financial news agency.

"Companies currently provide little information about material events that occur on their networks."

Collapsed deal

In Coca-Cola's case, hackers masqueraded as Coca-Cola's chief executive, sending an email to Paul Etchells, Coca-Cola's deputy president for the Pacific region.

The email contained a malicious link which was clicked on - allowing for hackers to install keyloggers and other forms of malware on Mr Etchells' machine.

In the days that followed, hackers took emails and stole passwords to give themselves administrative privileges on the network.

The infiltration was - according to internal documents seen by Bloomberg - blamed on state-backed Chinese attackers.

The hack came at a time when Coca-Cola was looking to acquire the China Huiyuan Juice Group for about $2.4bn. Had the takeover happened, it would have been the largest foreign takeover of a Chinese company.

However, the deal collapsed three days after the cyber-attack, Bloomberg said, citing internal sources.

Coca-Cola told the BBC in a statement: "Our company's security team manages security risks in conjunction with the appropriate security and law enforcement organisations around the world.

"As a matter of practice, we do not comment on security matters."

More on this story

  • Pastebin puts Anonymous spat behind it