Cyber Incident Victim: Dole plc
Date:
Feb 2023
Location:
United States of America
Summary
Dole plc experienced a ransomware attack that significantly disrupted operations, causing production shutdowns across North American facilities and halting shipments of its products. The company engaged third-party experts to remediate impacted systems and informed law enforcement, initially describing the attack’s scope as limited despite evidence of widespread effects, including manual backup protocols to restore partial operations. The incident led to reported shortages of prepackaged salads in retail stores due to distribution delays.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Dole Food Company, one of the world’s largest producers and distributors of fresh fruit and vegetables with approximately 38,000 employees and $6.5 billion in annual revenue, announced on February 17, 2023, that it was responding to a ransomware attack impacting its operations. The company characterized the impact as limited but confirmed it was investigating the full scope of the incident. Dole engaged third-party cybersecurity experts to assist with remediation efforts and securing affected systems while notifying law enforcement authorities of the attack. Internal evidence suggested the attack occurred on or around February 9, 2023, though the company did not publicly disclose the precise timeline. Despite Dole's official statement downplaying the severity, a leaked memo circulated via a Texas-based grocery store’s Facebook page revealed that the company had shut down its North American production facilities and suspended all shipments. This operational halt coincided with consumer reports of prepackaged salad shortages across retail stores for over a week prior to the announcement.
The cyberattack forced Dole to implement its crisis management protocol, including a "Manual Backup Program" to resume partial operations through non-digital processes. Production plants across North America remained non-operational for at least one full business day following the attack, and shipping activities were frozen during this period. The manual recovery measures allowed gradual resumption of production and distribution, though at reduced efficiency compared to normal automated operations. The operational disruption impacted supply chains sufficiently to cause visible shortages of Dole products on store shelves, with multiple customer complaints documented before the company acknowledged the incident publicly. Dole declined to provide additional details beyond its initial statement when contacted by media outlets, offering no clarification regarding the ransomware group involved, specific systems compromised, or financial repercussions. The company maintained silence on whether customer/personnel data was accessed during the breach and did not disclose projected recovery timelines or quantify operational losses resulting from the attack.