Skip to content

Dole ransomware incident affected half of its legacy servers with direct costs reaching $10.5 million

May 22, 2023 – Published on Industrial Cyber

Food giant Dole plc said that the February cybersecurity incident that led it to be a victim of a sophisticated ransomware attack impacted approximately half of its legacy servers and one-quarter of its end-user computers. Additionally, the total impact to the company, including discontinued operations, was US$10.5 million for the three months ended March 31, 2023.

In its Form 6-K filing to the U.S. Securities and Exchange Commission, Dole confirmed last week that the attack also resulted in unauthorized access to certain Dole information, including information about certain employees, although Dole has no reason to believe any employee information was publicly released. 

The filing added that “upon detecting the attack, the Company promptly took steps to investigate and contain the attack, retaining the services of leading third-party cybersecurity experts. Dole also has been working with law enforcement. Dole experienced minimal operational impact from the attack, and all impacted servers and end-user computers have been restored or rebuilt. The total impact to the Company, including discontinued operations, was $10.5 million for the three months ended March 31, 2023.”

“The incident had a limited impact on our operations overall, however, it was disruptive for our Fresh Vegetables and Chilean businesses in particular,” Dole reported last week. “Direct costs related to the incident were $10.5 million of which $4.8 million related to continuing operations.”

It also added that “we see signs of improved logistical efficiencies in several areas, which is helping to bring more stability after a period of severe supply chain disruption.” 

Explaining how businesses can be more resilient to hacks, Mark Lance, vice president, DFIR and threat intelligence at GuidePoint Security, told Industrial Cyber that since there is no single solution that can prevent an incident, the primary goal for businesses should be establishing a security program that prioritizes early identification of threats, so they can be addressed as quickly as possible within the attack lifecycle. 

“Identifying a successful phishing attempt hours after it occurred and taking immediate actions to remediate will have substantially less impact than identifying that same threat actor days later, after they’ve moved laterally, elevated privileges, established persistence, removed sensitive data from your environment, and are staging for a ransomware encryption event,” he added.

Read More HERE.