Multinational agricultural giant Dole plc has disclosed that those behind a ransomware attack that shut down production facilities in the U.S. last month accessed employee information.
First reported by Bleeping Computer, the disclosure was made in a Securities and Exchange Commission filing. Dole said in the filing that it was “the victim of a sophisticated ransomware attack involving unauthorized access to employee information” and that it had taken steps to contain the attack, including hiring a third-party cybersecurity company and informing law enforcement.
The ransomware attack resulted in a salad shortage across the U.S. last month, although Dole said at the time and claimed again in its filing that the attack only had a limited impact on its facilities. However, as was reported last month, that’s not what it was telling its suppliers.
Dole said in a memo sent to retailers on Feb. 10 that a temporary shutdown of production plants also resulted in a halt of food shipments to grocery stores. “Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America,” Emanuel Lazopoulos, senior vice president at Dole’s Fresh Vegetables division, said in the memo. That is at odds with Dole’s description of the impact as minimal.
Grocery stores in Texas and New Mexico had no Dole salad kits on their shelves for days following the shutdown and companies including Taco Bell Corp., Chick-fil-A Inc., Panera LLC and Subway were also affected by lettuce shortages.
The company has revealed no details on how the attack was carried out or precisely which ransomware was involved. No ransomware gang has so far claimed responsibility for the attack.
“Although little information is provided about the actual breach, based on Dole’s action to shut down its system across North America, we can deduce that the breach had a lateral movement aspect,” Avishai Avivi, chief information security officer at cybersecurity company SafeBreach Inc., told SiliconANGLE. “This action would indicate either poor segmentation of Dole’s networks or the attack hit a core service shared throughout the North American systems.”