Heimdal
article featured image

Contents:

Dole Food Company, one of the world’s largest suppliers of fresh fruit and vegetables, has revealed that it has been hit by a ransomware attack that disrupted its operations.

The company is still looking into “the scope of the incident,” but for now, they’ve said that the impact is limited. The business has a workforce of around 38,000 people and generates $6.5 billion in annual sales.

Dole has hired third-party experts to assist with the mitigation and protection of the impacted systems, according to a statement posted on the company’s website. The incident has also been reported to law enforcement.

Dole plc announced today that the company recently experienced a cybersecurity incident that has been identified as ransomware. Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole’s internal teams to remediate the issue and secure systems.

(…) While continuing to investigate the scope of the incident, the impact to Dole operations has been limited.

Source

Dole Shut Down Production in North America

However, despite Dole’s attempt to downplay the incident, claiming that the impact was “limited”, a memo from a Texas grocery store that was posted on Facebook suggests otherwise: food giant Dole was forced to shut down its production plants in North America.

“Dole Food Company is in the midst of a cyberattack, and [we] have subsequently shut down our systems throughout North America. (…) Our plants are shut down for the day, and all shipments are on hold.”, reads the company’s notification to its partners.

Dole's Cyber Incident Announcement to its partners

The company’s notification to its partners

Source

For more than a week, customers have been complaining about prepackaged Dole salad shortages on store shelves. Although the company did not specify the date of the attack, it is likely that the shortage was caused by a ransomware attack, explains Bleeping Computer.

The memo distributed to stores highlights Dole’s crisis management protocol, which includes the “Manual Backup Program.” This indicates that the company may resort to manual operations, which means that manufacturing and shipments will resume, though at a slower pace.

Dole’s official announcement on the ransomware incident is available here.

Update (March 24, 2023): Dole Confirms Ransomware Attack

Dole confirmed that the ransomware attackers in February gained access to the personal data of an unspecified number of employees.

We have in the past experienced, and may in the future face, cybersecurity incidents. In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorized access to employee information.

Upon detecting the attack, we promptly took steps to contain the attack, retained the services of leading third-party cybersecurity experts and notified law enforcement. The February 2023 attack had a limited impact on our operations.

Source

The annual report Dole has filed with the U.S. Securities and Exchange Commission (SEC) is available here.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE