Cyberattack on food giant Dole temporarily shuts down North America production, company memo says
By Sean Lyngaas, CNN
A cyberattack earlier this month forced produce giant Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores, according to a company memo about the incident obtained by CNN.
The previously unreported hack — which a source familiar with the incident said was ransomware — led some grocery shoppers to complain on Facebook in recent days that store shelves were missing Dole-made salad kits.
“Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America,” Emanuel Lazopoulos, senior vice president at Dole’s Fresh Vegetables division, said in a February 10 memo to retailers.
Dole has four processing plants in the US and employs more than 3,000 people, according to a recent company press release.
After CNN published this story on Wednesday afternoon, Dole spokesperson William Goldfield sent CNN a statement confirming that ransomware was the cause of the incident.
“The company has notified law enforcement about the incident and are cooperating with their investigation,” Dole’s statement said in part. “While continuing to investigate the scope of the incident, the impact to Dole operations has been limited.”
However, two grocery stores in Texas and New Mexico contacted by CNN on Wednesday said they couldn’t stock Dole salad kits on their shelves for days.
Clayton Ranch Market, in the small town of Clayton, New Mexico, near the border with Oklahoma and Texas, has been short of salad kits since the beginning of last week, Jeff Russell, assistant manager of the store’s produce section, told CNN by phone on Wednesday.
A cyberattack on Dole was the cause of the salad shortage, Adam Wolfe, the store’s manager, told CNN, citing the Dole memo, which he said his store received from its wholesale grocery provider, Affiliated Foods Inc., in Texas.
Russell, the produce manager, rattled off the salad kits his store was out of on Tuesday, the most recent full day of inventory, from Dole Chopped Sesame to Dole Butter Bliss.
“They [customers] are upset, but it happens,” Russell told CNN. “We can’t do nothing about it except [put in the orders].”
Mary Underwood, an employee at Stewart’s Food Store, in Olney, Texas, more than 100 miles west of Dallas, told CNN on Wednesday that the store had struggled to get Dole salads for several days. Customers started asking questions about the bare shelves, Underwood said, prompting the store to post the Dole memo about the cyberattack on its Facebook page.
In its statement, Dole said it “moved quickly to contain the threat” after learning of the incident, and “engaged leading third-party cybersecurity experts, who have been working in partnership with Dole’s internal teams to remediate the issue and secure systems.”
It was not immediately clear how long the company had to keep production offline. Goldfield, the Dole spokesperson, declined to answer questions on the incident, including whether a ransom was demanded by the hackers. The Department of Homeland Security’s cybersecurity agency and the Department of Agriculture did not respond to CNN’s requests for comment.
Other high-profile hacks against the food and agriculture sector in the last two years have threatened supply chains and caused distributors to strengthen their cybersecurity.
A May 2021 ransomware attack by alleged Russian-speaking hackers forced JBS, the world’s largest meat supplier, to temporarily close factories in the US, Canada and Australia. JBS said it paid the hackers $11 million to unlock their systems.
Less lucrative, but still prevalent
Dole shut down its computer systems soon after the hack began to contain the spread of the ransomware, the source familiar with the incident said. Ransomware encrypts computers, typically so that hackers can demand a payoff.
The multibillion-dollar company — officially known as Dole Plc after a 2021 merger between Dole Food Company and Ireland’s Total Produce — sources produce from dozens of countries around the world.
Dole Plc uses email security software made by Fortinet, a popular California-based firm that contracts with US government agencies and corporations alike.
“For Dole plc, any downtime will put a spoil on revenue for the food industry leader,” Fortinet says in writing that predates the hack on its website, which showcases Dole as a client.
It’s unclear what role, if any, Fortinet’s software had in detecting the cyberattack at Dole. CNN has requested comment from Fortinet but has yet to hear back.
In response to the 2021 ransomware attack on JBS and others, President Joe Biden made a major push to get Russian President Vladimir Putin to crack down on Russian cybercrime groups from launching attacks on US companies and government agencies. But hopes of substantive cooperation between Washington and Moscow on cybercrime dimmed with Russia’s full-scale invasion of Ukraine a year ago.
Ransomware revenue fell to about $457 million in 2022, down from $766 million in 2021, according to data from cryptocurrency-tracking firm Chainalysis. Less Fewer victims are paying off their attackers and some targets have improved their defenses, according to security analysts.
Ransomware is not the only digital scam that has hit the food sector. Cybercriminals have stolen hundreds of thousands of dollars’ worth of shipments from US food suppliers by placing fraudulent orders for milk products, the FBI and other federal agencies warned in December.
The-CNN-Wire
™ & © 2023 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.