Cyber Incident Victim: Coca-Cola FEMSA, S.A.B. de C.V.

Coca-Cola FEMSA, the bottling business of Fomento Económico Mexicano (FEMSA), reported to the market that it was the subject of a cybersecurity incident. The announcement was made via a statement distributed through the Mexican Stock Exchange on April 1, 2023. The company, a major bottler of Coca-Cola products in Mexico and other Latin American markets, stated its expectation to continue its operations by utilizing backup procedures. This indicated a proactive measure to maintain business continuity in the face of the disruption. At the time of the announcement, the company was actively working with experts to implement measures aimed at preventing an adverse impact on its information technology applications. The primary immediate response involved engaging forensic specialists to conduct a detailed evaluation to determine the full scope and extent of the incident.

The specific elements of the company's operations that were affected by the incident were not immediately clear from the initial public disclosure. The company had undergone a series of digitalization measures for various internal processes in recent years, which expanded its technological footprint. One notable digital platform mentioned is its commercial platform, Juntos+, which generated sales of MXN$1.2 billion in 2022. The incident potentially threatened the integrity or availability of such critical business systems, though the company did not specify if this platform or others were directly compromised. The announcement of the cyberattack coincided with the release of the company's financial results for the first quarter of 2023, creating a significant point of focus for investors and analysts reviewing the otherwise positive earnings report.

The financial results presented showed the company had achieved sales of MXN$57.357 billion, which was a 12% increase compared to the first quarter of 2022 and exceeded the Bloomberg consensus forecast by 1.96%. Net profit amounted to MXN$3.916 billion. These results were characterized as positive by analysts from Monex. However, the analysts, Roberto Solano and Brian Rodríguez, immediately shifted their focus to the potential implications of the newly disclosed cybersecurity incident. They noted that their attention would be on the upcoming conference call with the company's management, emphasizing that it would be key to learn more details about the recent cybersecurity attack. The analysts highlighted the importance of understanding the company's exposure to such events and whether there would be any implications to consider for their financial outlook on the company in the short to medium term.

The company's public communications did not disclose the nature of the attack, such as whether it was a ransomware event, data breach, or other form of malware infection. There was no information provided regarding the potential threat actor responsible for the incident or their possible motives. The lack of detail extended to the specific timing of the initial detection of the incident, whether it occurred hours or days prior to the public filing. The response actions detailed were focused on containment and assessment, utilizing backup procedures to maintain operations and engaging external cybersecurity experts for forensic analysis and mitigation efforts. The full impact on production schedules, supply chain logistics, or data security remained undetermined at the time of the public reporting. The incident represented a significant operational challenge for the company, occurring within a context of increased digital transformation and reliance on technology platforms for commercial activities across its extensive Latin American operations.