Fresh produce giant Dole Food Company has confirmed threat actors behind a February ransomware attack have accessed the information of an undisclosed number of employees.
Dole employs around 38,000 people worldwide, providing fresh fruits and vegetables to customers in more than 75 countries.
The company revealed that last month’s cyberattack directly impacted its employees’ information in the annual report filed with the U.S. Securities and Exchange Commission (SEC) on Wednesday.
“In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorized access to employee information,” Dole said in the filing.
“Upon detecting the attack, we promptly took steps to contain the attack, retained the services of leading third-party cybersecurity experts and notified law enforcement.”
Dole disclosed the ransomware attack on February 22 and said it had a limited impact on its operations.
The attack was disclosed after customers complained about delays and shortages of Dole products on store shelves for over a week.
A memo sent to American stores leaked online by Texan Stewart’s grocery store said that Dole would implement a crisis management protocol that included what was described as the “Manual Backup Program.”
This likely meant that the company would return to manual operations, which would’ve helped resume production and shipments, although at a much slower pace.
“All our businesses are implementing our Crisis Management Protocol to resume ‘business as usual’ post haste, inclusive of our Manual Backup Program if needed. Please bear with us as we navigate our way and hopefully we will minimize this event,” Dole said.
While the company said the ransomware attack had limited impact, it was forced at the time to shut down production plants across North America.
“Dole Food Company is in the midst of a cyberattack, and [we] have subsequently shut down our systems throughout North America. Our plants are shut down for the day, and all shipments are on hold,” the memo reads.