Dole said a February ransomware attack cost $10.5 million in direct costs, it said in its first quarter earnings report Thursday. About $4.8 million of those costs were related to continuing operations.
The attack had a limited overall impact on its operations, with the main disruption occurring on its fresh vegetables and Chilean business. The company’s fresh vegetable business incurred about $5.7 million in costs related to the attack, CEO Rory Byrne said during the quarterly conference call Thursday.
“Despite the complexity and costs of this issue, we are very pleased with the commitment of our people in ensuring that our systems recovery protocols worked as anticipated,” Byrne said.
The attack impacted half of the Dole legacy company’s servers and one-quarter of its end-user computers, according to a 6-K filing with the Securities and Exchange Commission.
The threat actors also stole some company data, including information on certain employees. Dole officials, in the filing, said there’s no evidence employee data has been released.
Dole Food Co. merged with Total Produce in 2021 to form Dole plc, the world’s largest produce company. The combined company is based in Dublin.
Dole said all impacted servers and end-user computers have been restored or rebuilt since the attack. Dole said it retained third-party cybersecurity experts to help investigate and recover from the attack and the company has also been cooperating with law enforcement.
Byrne in March warned the company did not expect to fully recover the costs of the attack, noting the ability to get sufficient insurance in the North American was prohibitive.