Why Minnesota's food companies could be vulnerable to cyberattacks
Minnesota is home to quite a few giant food companies, including meatpackers and other food processing companies vulnerable to cyberattacks.
Photo by David McNew | Getty Images 2017
Go Deeper.
Create an account or log in to save stories.
Like this?
Thanks for liking this story! We have added it to a list of your favorite stories.
Audio transcript
CATHY WURZER: General Mills, Land O'Lakes, Hormel. Sound familiar, right? Minnesota's home to quite a few giant food companies. Here's something you might not know. Meatpackers and other food processing companies are vulnerable to cyberattacks. That's what our next guest found when she dug into records following one hack of a high profile company.
Now you might remember the attack on Colonial Pipeline in May of 2021. It led to gas shortages and emergency declarations in several states. Just weeks after that attack, hackers forced JBS, one of the largest meat companies in the world, to halt operations. Then JBS paid an $11 million ransom.
Well that prompted reporter Madison McVan to look deeper. She covers the meat industry for the news organization Investigate Midwest. And Madison's on the line right now. Thanks for taking the time.
MADISON MCVAN: Thank you, Cathy.
CATHY WURZER: When you heard about the JBS situation, what questions did that attack raise for you?
MADISON MCVAN: I really wanted to know what was going on behind the scenes, both at JBS and at the Department of Homeland Security in the aftermath of this attack. The only information that was out there at the time was what had been publicly released by authorities and by the company. But cybersecurity attacks are really sensitive. There's a lot that the public doesn't really know about them. So I put in a public records request with the Department of Homeland Security to try and learn more about what was really going on.
CATHY WURZER: We've had these most recent attacks on school districts. Why would a meatpacking company like JBS be a potential target for a ransomware attack?
MADISON MCVAN: One expert I spoke to during my reporting process on this article pointed out a few reasons why really various industries, including the food processing industry, might be a target of an attack. One thing that these hacking groups look for is places that rely heavily on our computer system. So we saw that with the Rochester School District. But that depends on their computers for everyday operations.
And when it comes to food processing, these plants are so automated and they rely on a just in time system to get this food processed efficiently, that any disruption to their computer system would have detrimental effects on their business. So they have an incentive to pay a ransom in order to get online quickly.
CATHY WURZER: Is the industry as a whole vulnerable to these kinds of attacks? Or was it something about GBS?
MADISON MCVAN: Yeah. The answer to both your questions is yes. In terms of food companies, generally, like I mentioned, there's a lot of pressure to keep operations moving quickly. And with food in particular, you don't want things to spoil, right? So not being able to run your plant for a while could cause a loss of product.
Another way that these hackers leverage companies to pay their ransom is by exfiltrating data. So if these hackers can get into the system, not only will they shut down the computers, they will also steal proprietary information, like recipes or consumer information that they can leverage to get the company to pay the ransom. And food manufacturing and also other types of manufacturing have lots of devices connected to the internet. All kinds of sensors and switches. Even security cameras are all connected to the same network. And any vulnerability in any of those devices, a lot of which are older than maybe the desktop computers that people are using in their offices, make these companies more vulnerable.
In terms of JBS, I know from the emails I received that they had a number of malware infections that were not resolved. And also some of their employees had used their work credentials, like their username and password they used for work, at other websites. And so those were leaked to the dark website via another data breach. And that could have been another way that hackers got into JBS's systems.
CATHY WURZER: So and JBS obviously didn't have a very robust protections for its IT system. I'm wondering, has Minnesota-- because we do have other plants here, obviously-- seen other cyberattacks to food processors?
MADISON MCVAN: It's hard to say, because these incidents are generally not spoken about publicly. Companies have no incentive to share this information, because it could damage their reputation, it could damage consumers' willingness to buy their products. And there's no mandatory reporting for these kinds of things when it comes to the government.
There was an attack I believe also in 2021 of a grain elevator. Again, another in the agricultural world, where logistics are very important to keep track of things like prices, et cetera. So we have seen other attacks in Minnesota. But the true number of them is really unknowable at this point by the public.
CATHY WURZER: Are companies beefing up their cybersecurity?
MADISON MCVAN: I think the JBS attack and some of the other attacks are making companies more aware of this issue. The FBI released what's called a private industry notification. It's essentially a warning to the food and agriculture industry back in 2021, saying that the number of cyber attacks in the food and agriculture sector is increasing. And I think that also had the impact of driving up awareness.
It's tough, though, for companies, because it's expensive to upgrade your entire internet infrastructure, including some of the hardware and the software and all those little switches and devices that are within a plant. And consumers don't really know the difference. It doesn't necessarily have an impact on the product. So companies might think it's a gamble worth taking. If they do get hacked, maybe the ransom isn't as expensive as upgrading their entire computer system would be.
CATHY WURZER: Because the JBS ransom attack raised your antenna and it prompted you to look a little deeper, usually there are, of course, tentacles to stories like this one. Are you looking at any other industries in the Midwest that could also be vulnerable?
MADISON MCVAN: I'm not at the moment. I focus on the meat industry currently. But I'm certainly interested in this topic.
CATHY WURZER: I bet you are. Well, thank you for your time. You dug deep, and I appreciate it. Thank you.
MADISON MCVAN: Thank you so much, Cathy.
CATHY WURZER: Madison McVan is an investigative reporter for the news organization Investigate Midwest.
Now you might remember the attack on Colonial Pipeline in May of 2021. It led to gas shortages and emergency declarations in several states. Just weeks after that attack, hackers forced JBS, one of the largest meat companies in the world, to halt operations. Then JBS paid an $11 million ransom.
Well that prompted reporter Madison McVan to look deeper. She covers the meat industry for the news organization Investigate Midwest. And Madison's on the line right now. Thanks for taking the time.
MADISON MCVAN: Thank you, Cathy.
CATHY WURZER: When you heard about the JBS situation, what questions did that attack raise for you?
MADISON MCVAN: I really wanted to know what was going on behind the scenes, both at JBS and at the Department of Homeland Security in the aftermath of this attack. The only information that was out there at the time was what had been publicly released by authorities and by the company. But cybersecurity attacks are really sensitive. There's a lot that the public doesn't really know about them. So I put in a public records request with the Department of Homeland Security to try and learn more about what was really going on.
CATHY WURZER: We've had these most recent attacks on school districts. Why would a meatpacking company like JBS be a potential target for a ransomware attack?
MADISON MCVAN: One expert I spoke to during my reporting process on this article pointed out a few reasons why really various industries, including the food processing industry, might be a target of an attack. One thing that these hacking groups look for is places that rely heavily on our computer system. So we saw that with the Rochester School District. But that depends on their computers for everyday operations.
And when it comes to food processing, these plants are so automated and they rely on a just in time system to get this food processed efficiently, that any disruption to their computer system would have detrimental effects on their business. So they have an incentive to pay a ransom in order to get online quickly.
CATHY WURZER: Is the industry as a whole vulnerable to these kinds of attacks? Or was it something about GBS?
MADISON MCVAN: Yeah. The answer to both your questions is yes. In terms of food companies, generally, like I mentioned, there's a lot of pressure to keep operations moving quickly. And with food in particular, you don't want things to spoil, right? So not being able to run your plant for a while could cause a loss of product.
Another way that these hackers leverage companies to pay their ransom is by exfiltrating data. So if these hackers can get into the system, not only will they shut down the computers, they will also steal proprietary information, like recipes or consumer information that they can leverage to get the company to pay the ransom. And food manufacturing and also other types of manufacturing have lots of devices connected to the internet. All kinds of sensors and switches. Even security cameras are all connected to the same network. And any vulnerability in any of those devices, a lot of which are older than maybe the desktop computers that people are using in their offices, make these companies more vulnerable.
In terms of JBS, I know from the emails I received that they had a number of malware infections that were not resolved. And also some of their employees had used their work credentials, like their username and password they used for work, at other websites. And so those were leaked to the dark website via another data breach. And that could have been another way that hackers got into JBS's systems.
CATHY WURZER: So and JBS obviously didn't have a very robust protections for its IT system. I'm wondering, has Minnesota-- because we do have other plants here, obviously-- seen other cyberattacks to food processors?
MADISON MCVAN: It's hard to say, because these incidents are generally not spoken about publicly. Companies have no incentive to share this information, because it could damage their reputation, it could damage consumers' willingness to buy their products. And there's no mandatory reporting for these kinds of things when it comes to the government.
There was an attack I believe also in 2021 of a grain elevator. Again, another in the agricultural world, where logistics are very important to keep track of things like prices, et cetera. So we have seen other attacks in Minnesota. But the true number of them is really unknowable at this point by the public.
CATHY WURZER: Are companies beefing up their cybersecurity?
MADISON MCVAN: I think the JBS attack and some of the other attacks are making companies more aware of this issue. The FBI released what's called a private industry notification. It's essentially a warning to the food and agriculture industry back in 2021, saying that the number of cyber attacks in the food and agriculture sector is increasing. And I think that also had the impact of driving up awareness.
It's tough, though, for companies, because it's expensive to upgrade your entire internet infrastructure, including some of the hardware and the software and all those little switches and devices that are within a plant. And consumers don't really know the difference. It doesn't necessarily have an impact on the product. So companies might think it's a gamble worth taking. If they do get hacked, maybe the ransom isn't as expensive as upgrading their entire computer system would be.
CATHY WURZER: Because the JBS ransom attack raised your antenna and it prompted you to look a little deeper, usually there are, of course, tentacles to stories like this one. Are you looking at any other industries in the Midwest that could also be vulnerable?
MADISON MCVAN: I'm not at the moment. I focus on the meat industry currently. But I'm certainly interested in this topic.
CATHY WURZER: I bet you are. Well, thank you for your time. You dug deep, and I appreciate it. Thank you.
MADISON MCVAN: Thank you so much, Cathy.
CATHY WURZER: Madison McVan is an investigative reporter for the news organization Investigate Midwest.
Download transcript (PDF)
Transcription services provided by 3Play Media.