Cyber Incident Victim: Fomento Económico Mexicano, S.A.B. de C.V.

On or around April 1, 2023, Coca-Cola FEMSA, the bottling subsidiary of Fomento Económico Mexicano (FEMSA), publicly disclosed a cybersecurity incident through a filing with the Mexican Stock Exchange. The company activated backup operational procedures to maintain business continuity while working with external cybersecurity experts to minimize adverse impacts on its information technology applications. A forensic evaluation was initiated to assess the scope of the breach, though specific affected systems or operational elements remained unidentified at the time of disclosure. The incident occurred amid the company's ongoing digital transformation initiatives, including its Juntos+ commercial platform, which generated MXN$1.2 billion in sales during 2022 through digitized processes. No data compromise or operational disruption details were confirmed in the initial announcement.

The cybersecurity disclosure coincided with Coca-Cola FEMSA's Q1 2023 financial results release, which reported MXN$57.357 billion in sales—a 12% year-over-year increase exceeding Bloomberg's consensus estimate by 1.96%. Net profit reached MXN$3.916 billion during the same period. Monex analysts characterized these financial outcomes as positive but shifted focus to potential attack repercussions, noting that future assessments would depend on management's conference disclosures regarding operational exposure and incident severity. Analysts Roberto Solano and Brian Rodríguez emphasized monitoring short-to-medium term implications while acknowledging insufficient public details about attack vectors, threat actors, or recovery timelines. The company maintained its incident response activities without specifying containment measures or remediation deadlines beyond the ongoing forensic investigation.