Lactaid, a brand of lactose-free milk, is missing from the shelves of supermarkets like Costco and Publix. The reason: a cyberattack.
HP Hood Dairy, owner of Lactaid, did not release details, but cyber experts say it was likely a ransomware attack. The attack happened about two weeks ago and Hood took all of its factories offline “out of an abundance of caution,” wrote Sarah Barrow, a company spokeswoman, in an email to Quartz on Thursday. Factories are now operational, but some customers may expect a temporary delay in finding Lactaid products in stores.
Hood Dairy is the latest victim in a series of high-profile attacks on U.S. food manufacturers, contributing to shortages amid tight supply chains and high prices. In October 2021, a cyberattack hit factories and distribution centers belonging to Schreiber Foods, one of Wisconsin’s largest cheese makers, which closed five days. That left New York bagel shop owners scrambling to find schmear. In the summer of 2021, a cyberattack on JBS, the world’s largest meat producer, forced the closure of all its beef plants in the United Stateswhat process almost a fifth of the country’s meat supply.
Why do attacks on food companies happen?
If successful, cyberattacks on large food manufacturers generate significant profits, said Ken Westin, director of security strategy at Cybereason, a cybersecurity firm. JBS paid a ransom of $11 million in bitcoins to limit the potential impact on restaurants, grocery stores and farmers, reports the Wall Street Journal.
Attacks on food companies are largely ransomware attacks, in which organizations are blocked from accessing critical information. This could prevent companies from directing trucks where to go or processing invoices, said Bob Rudis, chief data scientist at Rapid 7, a cybersecurity firm.
Fresh food makers, who are not tech-savvy, are particularly vulnerable, Rudis said, because if they close, no revenue is generated and the product can spoil quickly. Paying a ransom is “unfortunately what happens in many cases”, he said.
The increase in ransomware cases in the United States
In 2021, ransomware attacks increased by 105% from the previous year to reach 623.3 million worldwide, more than triple the number in 2019, according to to SonicWall, an Internet cybersecurity company. Attacks are most prevalent in the United States, followed by the United Kingdom.
Hackers used to steal basic personal credit card information, Rudis said. But that got harder as credit companies got more sophisticated, adding chips and other security measures. In search of a new business model, hackers have discovered that many organizations fall short when it comes to cybersecurity, he said.
Construction began around 2016 with a focus on schools, municipalities and hospitals. A large company like JBS has more capacity for a large payout, Rudis said. “So true [they are] good entrepreneurs when you think about it,” he said.
There are fears the attacks could be attributed to Russian hackers aiming to disrupt supply chains, which could have a disastrous impact on the US economy. “It could be kind of seen on the Russian side as retribution for the sanctions imposed on their own country,” Westin said. “It’s something we should be very concerned about now.”