Bagged Lettuce Shortages Follow A Bizarre Cyberattack Against Dole

By now, grocery shoppers in the U.S. and beyond are used to the particular disappointment of seeing empty shelf space where their favorite products should be. 

Food shortages have swept even the wealthiest retailers in recent years, thanks to distribution and stockpiling issues spawned by the COVID-19 pandemic, climate-related produce scarcity, bird flus, and other unprecedented roadblocks. But February's shortage of Dole salad products has nothing to do with a warming planet or supply-chain backups. It has to do with hackers. 

To our knowledge, the terms "ransomware cyberattack" and "pre-packaged salad" have not appeared in the same sentence until now. According to a Feb. 10 memo from Dole Food Company senior vice president Emanuel Lazopoulos, first shared by CNN, the malicious software took over the corporation's computers, resulting in the temporary shutdown of its entire North America production system. Until the Dole IT team resolves the issue, customers will have to reach for a different brand of bagged lettuce and salad kits. 

Locked out

Dole may have tried to keep the ransomware attack under wraps, but the situation went public when two grocery stores — one in Texas and one in New Mexico — expressed concern over the lack of Dole salad products in their produce sections. The Texas store, Stewart's, shared an image of the Dole memo on its Facebook page in an effort to placate the curious-and-furious minds of its salad-loving customers. Meanwhile, the manager of the New Mexico store Clayton Ranch Market told CNN that his store has been out of Dole salad kits for about a week. 

According to the FBI, ransomware "prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return." The malware often appears in the form of a harmless-looking link, also known as a phishing scam. 

A Dole spokesperson told CNN the company is working with law enforcement and "cooperating with their investigation." When people with suits and badges get involved, you know there's more than just salad at stake. 

Dole isn't alone

Dole isn't the first company to fall victim to ransomware and other production-compromising malware. In September of 2021, food-processing giant JBS USA was forced to cough up a whopping $11 million to the hackers that seized its system. "It was very painful to pay the criminals, but we did the right thing for our customers," CEO Andre Nogueira told The Wall Street Journal

David White, president of the cyber risk advisory firm Axio, shed light on just how dangerous these types of hacks can be. "The lack of separation between [a company's processing and business systems] — typically called segmentation — results in a 'monolithic' or single environment that can have different security requirements, attack vectors and ransomware impacts," he told Food Processing

As a result, a malicious email sent to an employee on the business side can also have an impact on production, as was the case for JBS, and now Dole. Hopefully, the latter won't have to sign as big of a check.