Cyber Incident Victim: Monsanto

In March 2014, Monsanto’s Precision Planting division, a manufacturer of specialized farming equipment, suffered a server breach compromising personal data of approximately 1,300 customers and employees. Attackers accessed files containing customer names, addresses, tax identification numbers—some of which were Social Security Numbers—and financial account information. Employee HR records were also exposed, including W2 tax forms with names, addresses, Social Security numbers, and driver’s license numbers for a small subset of staff. Precision Planting senior counsel Reuben Shelton notified the Maryland Office of the Attorney General that the intrusion did not appear to target client or employee data, though unauthorized access to sensitive files remained possible. Monsanto confirmed farming data collected for its big-data intelligence services remained secure on separate systems. The company initiated credit monitoring services for one year for affected individuals and launched a review of its security infrastructure to prevent future incidents.

Monsanto had been repeatedly targeted by hacktivist groups prior to this incident. In 2011, Anonymous leaked personal details of 2,500 employees. In January 2014, actors under #operationgreenrights claimed to have exfiltrated 1,800 credentials from Monsanto and other firms, later releasing 48 database records with login information. While the March 2014 breach did not involve agricultural data, it underscored persistent vulnerabilities in systems handling personally identifiable information. The company’s notification emphasized the exposure of tax and financial details but did not specify the breach’s duration or initial detection method. No evidence suggested misuse of the stolen data at the time of disclosure.