The Dole Food Company revealed in an SEC filing Wednesday that employee data was accessed during last month's ransomware attack.
“In February of 2023, Dole was the victim of a sophisticated ransomware attack involving unauthorized access to employee information,” the shareholder document stated.
The attack forced the manufacturer to stop production at all its North American facilities, causing a packaged lettuce shortage at US grocery stores and a ruckus among brand enthusiasts.
At the time, Dole said it quickly shut down computer systems to contain the ransomware spread, and a manual backup program was in place if needed.
The brief explanation of the February 22 attack was listed in the 100-plus page report under the section titled Technology and Intellectual Property (IP) Risks.
The filing is a quarterly shareholder report required for all companies to file with the US Securities and Exchange Commission (SEC) if they are listed on the New York Stock Exchange.
“Upon detecting the attack, the company promptly took steps to contain the attack, retained the services of leading third-party cybersecurity experts and notified law enforcement,” the section stated.
“The February 2023 attack had a limited impact on Dole’s operations,” the statement ended.
The “limited impact” was enough that customers facing bare grocery shelves where Dole products were normally stocked took to social media to complain.
Overwhelmed with unhappy customers, a lone Texas grocery store alerted the public by posting a letter from Dole on its Facebook page.
Its contents revealed that the company was under attack and production had been halted.
The letter, from a senior VP at Dole’s fresh vegetables division, was sent to wholesale retailers almost two weeks before the company admitted to the attack.
In the weeks following, Dole has been tight-lipped about the particulars of the breach.
There is still no word on who was responsible, what kind of employee information was stolen, or if a ransom was ever paid.
The shareholder report went on to highlight the possible liabilities that can result from a cyber incident.
“If we do not develop, manage, maintain and secure our information technology systems appropriately, or do not effectively implement system upgrades, system migrations, or manage third-party service providers, our business or financial results could be adversely impacted,” the company said.
Dole is one of the world's largest producers of fresh fruits and vegetables, with over 250 production facilities worldwide.
Your email address will not be published. Required fields are markedmarked