Ransomware, Threat Management

Dole now says February attack spilled employee data

crippling cyberattack against Dole Food Company

Data tied to a crippling cyberattack against Dole Food Company, which resulted in a reported temporary shutdown of its North American production facilities, included employee personal identifiable information. In a Wednesday Dole Securities and Exchange Commission (SEC) filing, the food giant disclosed the ransomware attack involved the unauthorized access to employee information.

According to a SEC regulatory (20-F) disclosure on Wednesday Dole stated the attack “involved unauthorized access to employee information.”

“In February of 2023, we were the victim of a sophisticated ransomware attack,” according to Dole. “The February 2023 attack had a limited impact on our operations.”

On Feb. 22, when the Dole ransomware attack was first made public, CNN reported that Emanuel Lazopoulos, senior vice president at Dole's Fresh Vegetables division, sent a memo on Feb. 10 memo to retailers stating "Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America."   

Dole hasn’t disclosed any additional details tied to the attack or specifics on the type of employee data exfiltrated.

An image of a Dole memo posted to social media on Feb. 17 by a Stewart's Food Store, in Olney, Texas stated a cyberattack against Dole shut down systems and put shipments on hold. CNN reported grocery stores were unable to receive Dole Chopped Sesame to Dole Butter Bliss salad kits.

In related efforts to prevent attacks on food distribution networks, a December alert issued by the Federal Bureau of Investigation, the Food and Drug Administration Office of Criminal Investigations and the U.S. Department of Agriculture, warned of an uptick in attacks.

It stated that federal agencies have “recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars.”

Avishai Avivi, chief information security officer at SafeBreach, pointed out that although little information has been provided about the actual breach, based on Dole's action to shut down its system across North America, Avivi believes that the breach involved lateral movement. Avivi said this action indicates either poor segmentation of Dole's networks, or the attack hit a core service shared throughout the North American systems. “Considering Dole's organized response, I would lean toward the latter,” said Avivi.

No information has been reported on the details of a ransom note or data exfiltration threat.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.