Refresco
Company Details
Linkedin ID:
refresco
Website:
Employees number:
6,234
Number of followers:
103,373
NAICS:
722
Industry Type:
Homepage:
refresco.com
IP Addresses:
0
Company ID:
REF_1096893
Scan Status:
In-progress
Refresco Company CyberSecurity Posture
refresco.com
We are a global independent beverage solutions provider, with operations in Europe, North-America, and Australia. We produce over 40 million liters of the world's most well-known drinks every day! Refresco offers an extensive range of product and packaging combinations from 100% fruit juices to carbonated soft drinks and mineral waters in carton, PET, Aseptic PET, cans, and glass. Focused on innovation, Refresco continuously searches for new and alternative ways to improve the quality of its products and packaging combinations in line with consumer and customer demand, environmental responsibilities, and market demand. Refresco is headquartered in Rotterdam, the Netherlands and has over 14,000+ employees globally. refresco.com
Refresco A.I CyberSecurity Scoring
Refresco Risk Score (AI oriented)Between 700 and 749
Refresco
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Refresco Global Score (TPRM)XXXX
Refresco
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Refresco Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Refresco Beverages US Inc.
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: In March 2023, Refresco Beverages US Inc. experienced a data breach where an unauthorized party accessed its computer network, compromising sensitive personal information of current and former employees. The exposed data included names, dates of birth, Social Security numbers, addresses, financial account numbers, driver’s license numbers, health insurance policy numbers, and health-related details tied to workers’ compensation and Americans with Disabilities Act accommodations. The breach led to a class action lawsuit, alleging the company failed to adequately safeguard the data. Refresco agreed to a **$650,000 settlement**, offering affected employees up to **$5,000** in compensation for documented losses, out-of-pocket expenses, and time spent resolving breach-related issues. The incident underscored vulnerabilities in the company’s cybersecurity measures, resulting in potential identity theft, fraud, and financial harm to impacted individuals.
Refresco Beverages US Inc.
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General disclosed a data breach affecting **Refresco Beverages US Inc.** in November 2023, initially detected on **May 14, 2023**. The incident involved **unauthorized access to personal information** of current and former employees, exposing **personally identifiable information (PII) and personal health information (PHI)**. The exact number of impacted individuals remains undisclosed, but the breach poses significant risks due to the sensitivity of the compromised data. Employee records, including financial, identity, and health-related details, may have been exposed, increasing vulnerabilities to identity theft, fraud, or targeted phishing attacks. The breach underscores critical gaps in data protection measures, particularly concerning internal workforce data, which could lead to regulatory scrutiny, reputational harm, and potential legal liabilities for the company.
Refresco Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Refresco
Incidents vs Food and Beverage Services Industry Average (This Year)
No incidents recorded for Refresco in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Refresco in 2025.
Incident Types Refresco vs Food and Beverage Services Industry Avg (This Year)
No incidents recorded for Refresco in 2025.
Incident History — Refresco (X = Date, Y = Severity)
Refresco cyber incidents detection timeline including parent company and subsidiaries
Refresco Company Subsidiaries
We are a global independent beverage solutions provider, with operations in Europe, North-America, and Australia. We produce over 40 million liters of the world's most well-known drinks every day! Refresco offers an extensive range of product and packaging combinations from 100% fruit juices to carbonated soft drinks and mineral waters in carton, PET, Aseptic PET, cans, and glass. Focused on innovation, Refresco continuously searches for new and alternative ways to improve the quality of its products and packaging combinations in line with consumer and customer demand, environmental responsibilities, and market demand. Refresco is headquartered in Rotterdam, the Netherlands and has over 14,000+ employees globally. refresco.com
Loading...
Refresco Similar Companies
As China’s leading dairy manufacturer, Mengniu focuses on producing nutritional, healthy and tasty dairy products for customers worldwide. 20 years of experiences enabled Mengniu to develop a diversified product matrix, including liquid milk, ice-cream, infant formula, cheese and etc. The company ha
Nestlé
As the world’s largest food and beverage company we are driven by a simple aim: unlocking the power of food to enhance quality of life for everyone, today and for generations to come. To deliver on this, we serve with passion, with a spirit of excellence, offering products and services for all stage
HMSHost
HMSHost is recognized by the industry as the leader in travel dining with awards such as Restaurateur with the Highest Regard for Customer Service and Best Brand Restaurateur for Shake Shack by Airport Experience News. USA Today 10Best Readers’ Choice Travel Awards gave first place honors to both of
The Coca-Cola Company
From our roots at the counter of a local Atlanta pharmacy, to our current portfolio of more than 200 beverages, The Coca-Cola Company is one of the most globally-recognized brands in the world. Today, our lineup features beloved beverage brands, including Coca-Cola, Sprite, Fanta, smartwater, Dasa
Arca Continental
Arca Continental produces, distributes and sells non-alcoholic beverages under The Coca-Cola Company brand, as well as snacks under the brands of Bokados in Mexico, Inalecsa in Ecuador and Wise in the US. With an outstanding history spanning more than 98 years, Arca Continental is the second-larges
Perfetti Van Melle
Perfetti Van Melle is a privately owned company, producing and distributing candies and chewing gums in more than 150 countries worldwide. Employing over 17.000 people and operating 37 companies throughout the world, Perfetti Van Melle has a true global reach: it is present in the Asia Pacific Reg
Café de Coral Holdings Limited 大家樂集團
Incorporated in 1968 and listed on the Hong Kong Stock Exchange in July 1986, Café de Coral Group (SEHK: 0341) is one of Asia’s largest publicly-listed restaurant and catering groups. With deep roots in Hong Kong, the Group has established its position as a market leader in the fast food industry ov
Carlsberg Group
This is the official LinkedIn channel of the Carlsberg Group. The Carlsberg Group was established in 1847 by brewer J.C. Jacobsen. J.C. Jacobsen was a true renaissance man. A believer in quality, research and serving the community, he shared his knowledge with fellow brewers. He looked to the futur
Coca-Cola Consolidated
Coca-Cola Consolidated is the largest Coca-Cola bottler in the United States. Our Purpose is to honor God in all we do, serve others, pursue excellence, and grow profitably. For over 120 years, we have been deeply committed to the consumers, customers, and communities we serve and are passionate abo
.png)
Refresco CyberSecurity News
October 31, 2023 07:00 AM
Refresco Plans $30.5M Expansion At Joplin, MO Site
Refresco, a national beverage bottling manufacturer, will invest $30.5 million to expand its Joplin, Missouri, distribution center.
September 22, 2023 07:00 AM
Refresco Beverage Will Invest $13M In New York Expansion
Refresco Beverage will expand in Dunkirk, New York. AMD grows semiconductor R&D facilities in Monroe and Dutchess counties.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Refresco CyberSecurity History Information
Official Website of Refresco
The official website of Refresco is http://www.refresco.com.
Refresco’s AI-Generated Cybersecurity Score
According to Rankiteo, Refresco’s AI-generated cybersecurity score is 710, reflecting their Moderate security posture.
How many security badges does Refresco’ have ?
According to Rankiteo, Refresco currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Refresco have SOC 2 Type 1 certification ?
According to Rankiteo, Refresco is not certified under SOC 2 Type 1.
Does Refresco have SOC 2 Type 2 certification ?
According to Rankiteo, Refresco does not hold a SOC 2 Type 2 certification.
Does Refresco comply with GDPR ?
According to Rankiteo, Refresco is not listed as GDPR compliant.
Does Refresco have PCI DSS certification ?
According to Rankiteo, Refresco does not currently maintain PCI DSS compliance.
Does Refresco comply with HIPAA ?
According to Rankiteo, Refresco is not compliant with HIPAA regulations.
Does Refresco have ISO 27001 certification ?
According to Rankiteo,Refresco is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Refresco
Refresco operates primarily in the Food and Beverage Services industry.
Number of Employees at Refresco
Refresco employs approximately 6,234 people worldwide.
Subsidiaries Owned by Refresco
Refresco presently has no subsidiaries across any sectors.
Refresco’s LinkedIn Followers
Refresco’s official LinkedIn profile has approximately 103,373 followers.
NAICS Classification of Refresco
Refresco is classified under the NAICS code 722, which corresponds to Food Services and Drinking Places.
Refresco’s Presence on Crunchbase
Yes, Refresco has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/refresco-gerber.
Refresco’s Presence on LinkedIn
Yes, Refresco maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/refresco.
Cybersecurity Incidents Involving Refresco
As of December 04, 2025, Rankiteo reports that Refresco has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Refresco has an estimated 8,450 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Refresco ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on Refresco ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $0.
How does Refresco detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with public disclosure via california office of the attorney general, and communication strategy with notice letters sent to affected individuals (november 2023)..
Incident Details
Can you provide details on each incident ?
Title: Data Breach at Refresco Beverages US Inc.
Description: The California Office of the Attorney General reported a data breach involving Refresco Beverages US Inc. on November 9, 2023. The breach was detected on May 14, 2023, and potentially involved unauthorized access to personal information of current and former employees, including personally identifiable information (PII) and personal health information (PHI). The specific number of individuals affected is unknown.
Date Detected: 2023-05-14
Date Publicly Disclosed: 2023-11-09
Type: Data Breach
Title: Refresco Beverages US Inc. Data Breach (March 2023)
Description: An unauthorized party accessed Refresco Beverages US Inc.'s computer network in March 2023, potentially exposing sensitive personal information of current and former employees. The breach compromised names, dates of birth, Social Security numbers, addresses, financial account numbers, driver’s license numbers, health insurance policy numbers, and certain health information. Refresco agreed to a $650,000 class action settlement to resolve allegations of inadequate safeguards.
Date Detected: 2023-03
Date Publicly Disclosed: 2023-11
Type: Data Breach
Threat Actor: Unauthorized party
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach REF040090625
Data Compromised: Personally identifiable information (pii), Personal health information (phi)
Identity Theft Risk: Potential (PII and PHI exposed)
Incident : Data Breach REF2650626110725
Data Compromised: Names, Dates of birth, Social security numbers, Addresses, Financial account numbers, Driver’s license numbers, Health insurance policy numbers, Health information (workers’ compensation, ada accommodations)
Systems Affected: Computer network
Brand Reputation Impact: Class action lawsuit and settlement
Legal Liabilities: $650,000 settlement
Identity Theft Risk: High (SSNs, financial data exposed)
Payment Information Risk: High (financial account numbers exposed)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $0.00.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), Personal Health Information (Phi), , Personally Identifiable Information (Pii), Protected Health Information (Phi), Financial Information and .
Which entities were affected by each incident ?
Incident : Data Breach REF040090625
Entity Name: Refresco Beverages US Inc.
Entity Type: Corporation
Industry: Beverage Manufacturing
Location: United States (California)
Incident : Data Breach REF2650626110725
Entity Name: Refresco Beverages US Inc.
Entity Type: Beverage Manufacturer
Industry: Food & Beverage
Location: United States
Customers Affected: Current and former employees (exact number unspecified)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach REF040090625
Communication Strategy: Public disclosure via California Office of the Attorney General
Incident : Data Breach REF2650626110725
Communication Strategy: Notice letters sent to affected individuals (November 2023)
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach REF040090625
Type of Data Compromised: Personally identifiable information (pii), Personal health information (phi)
Sensitivity of Data: High (includes PHI)
Data Exfiltration: Potential (unauthorized access reported)
Incident : Data Breach REF2650626110725
Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi), Financial information
Sensitivity of Data: High (SSNs, financial, health data)
Data Exfiltration: Likely (data accessed by unauthorized party)
Personally Identifiable Information: NamesDates of birthSocial Security numbersAddressesDriver’s license numbers
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach REF040090625
Regulations Violated: Potential HIPAA (PHI exposure), California Consumer Privacy Act (CCPA),
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach REF2650626110725
Legal Actions: Class action lawsuit (settled for $650,000)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit (settled for $650,000).
References
Where can I find more information about each incident ?
Incident : Data Breach REF040090625
Source: California Office of the Attorney General
Date Accessed: 2023-11-09
Incident : Data Breach REF2650626110725
Source: Class Action Settlement Notice
Incident : Data Breach REF2650626110725
Source: Settlement Administrator (Refresco Data Breach Settlement)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2023-11-09, and Source: Class Action Settlement Notice, and Source: Settlement Administrator (Refresco Data Breach Settlement).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach REF040090625
Investigation Status: Ongoing (as of disclosure date)
Incident : Data Breach REF2650626110725
Investigation Status: Settled (class action lawsuit resolved)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public disclosure via California Office of the Attorney General and Notice letters sent to affected individuals (November 2023).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach REF2650626110725
Stakeholder Advisories: Notice letters sent to affected employees (November 2023)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notice letters sent to affected employees (November 2023).
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach REF040090625
High Value Targets: Employee Pii, Employee Phi,
Data Sold on Dark Web: Employee Pii, Employee Phi,
Incident : Data Breach REF2650626110725
High Value Targets: Employee Pii/Phi Data,
Data Sold on Dark Web: Employee Pii/Phi Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach REF2650626110725
Root Causes: Alleged failure to adequately safeguard sensitive personal information
Corrective Actions: Settlement agreement (no technical remediation details disclosed)
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Settlement agreement (no technical remediation details disclosed).
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-05-14.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-11.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was {'settlement_amount': '$650,000', 'attorneys_fees': '$216,666.67', 'administration_costs': 'To be determined', 'claimant_payouts': 'Remaining funds after deductions'}.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personally Identifiable Information (PII), Personal Health Information (PHI), , Names, Dates of birth, Social Security numbers, Addresses, Financial account numbers, Driver’s license numbers, Health insurance policy numbers, Health information (workers’ compensation, ADA accommodations) and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Computer network.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, Financial account numbers, Addresses, Personal Health Information (PHI), Personally Identifiable Information (PII), Health information (workers’ compensation, ADA accommodations), Health insurance policy numbers, Dates of birth, Names and Driver’s license numbers.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit (settled for $650,000).
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Class Action Settlement Notice, California Office of the Attorney General and Settlement Administrator (Refresco Data Breach Settlement).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (as of disclosure date).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Notice letters sent to affected employees (November 2023), .
.png)
Latest Global CVEs (Not Company-Specific)
Description
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.
Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Description
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.
Description
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
Description
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.
Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.
Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=refresco' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
