In June, the Dairy Farmers of America (DFA), a Kansas-based dairy cooperative with 19,000 employees and $24.5 billion in revenue, fell victim to a ransomware attack by the Play ransomware gang. The cybercriminals breached the company’s systems via a sophisticated social engineering campaign, exfiltrating sensitive personal data of 4,546 individuals, including names, Social Security numbers, driver’s license/ID numbers, dates of birth, bank account details, and Medicare/Medicaid numbers. The attack disrupted operations across multiple manufacturing plants within DFA’s network. While the investigation concluded on September 15, the incident exposed critical employee and member data, prompting the company to offer two years of identity protection services to victims. The Play gang, linked to over 900 attacks globally, has targeted high-profile entities like cities and counties, exacerbating concerns over rising cyber threats in the food and agriculture sector, which saw 84 attacks in Q1 2024, double the previous year’s figure. The breach underscores vulnerabilities in supply chain security and the escalating risks of data exfiltration paired with operational disruption in critical industries.
Source: https://therecord.media/dairy-farm-leaked-info-ransomware
TPRM report: https://www.rankiteo.com/company/dairy-farmers-of-america
"id": "dai3402134101725",
"linkid": "dairy-farmers-of-america",
"type": "Ransomware",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '4,546 individuals (employees '
                                              'and cooperative members)',
                        'industry': 'Food and Agriculture',
                        'location': 'Kansas, USA',
                        'name': 'Dairy Farmers of America (DFA)',
                        'size': '~19,000 employees; 9,500 farmer-owners; $24.5 '
                                'billion revenue (2022)',
                        'type': 'Farmer-owned dairy cooperative'}],
 'attack_vector': 'Sophisticated social engineering campaign',
 'customer_advisories': 'Letters sent to breach victims offering identity '
                        'protection services',
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'number_of_records_exposed': 4546,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (includes SSNs, financial, and '
                                        'healthcare-related data)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Data (bank account '
                                              'numbers)',
                                              "Government-Issued IDs (driver's "
                                              'license, Medicare/Medicaid '
                                              'numbers)']},
 'date_detected': 'June 2023 (exact date unspecified; discovered two days '
                  'after attack began)',
 'date_publicly_disclosed': 'June 2023 (initial confirmation to Dairy Herd '
                            'Management); September 2023 (breach notifications '
                            'filed with Maine regulators)',
 'date_resolved': 'September 15, 2023 (investigation completed)',
 'description': 'The Dairy Farmers of America (DFA) experienced a ransomware '
                'attack in June, leading to the breach of personal information '
                'of 4,546 employees and cooperative members. The Play '
                'ransomware gang claimed responsibility. The stolen data '
                "included names, Social Security numbers, driver's license "
                'numbers, dates of birth, bank account numbers, and '
                'Medicare/Medicaid numbers. The attack disrupted operations at '
                'multiple manufacturing plants, and the organization '
                'discovered the breach two days after it began. Victims were '
                'offered two years of identity protection services.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'high-profile breach and ransomware '
                                       'attack',
            'data_compromised': ['Names',
                                 'Social Security numbers',
                                 "Driver's license or state-issued ID numbers",
                                 'Dates of birth',
                                 'Bank account numbers',
                                 'Medicare or Medicaid numbers'],
            'identity_theft_risk': 'High (personal data of 4,546 individuals '
                                   'exposed)',
            'operational_impact': 'Disruption at manufacturing plants; '
                                  'encrypted devices and data exfiltration',
            'payment_information_risk': 'High (bank account numbers '
                                        'compromised)',
            'systems_affected': "Multiple manufacturing plants within DFA's "
                                'network'},
 'initial_access_broker': {'entry_point': 'Social engineering campaign'},
 'investigation_status': 'Completed (as of September 15, 2023)',
 'motivation': 'Financial gain (ransomware); data exfiltration for extortion',
 'post_incident_analysis': {'root_causes': 'Successful social engineering '
                                           'attack leading to unauthorized '
                                           'network access and data '
                                           'exfiltration'},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'Play Ransomware'},
 'references': [{'date_accessed': 'June 2023',
                 'source': 'Dairy Herd Management (outlet)'},
                {'date_accessed': '2023',
                 'source': 'FBI Advisory on Play Ransomware (2023 update)'},
                {'date_accessed': '2023/2024',
                 'source': 'Food and Ag-ISAC (Cyber Information Sharing '
                           'Organization)'},
                {'date_accessed': 'September 2023',
                 'source': 'Breach notification letters to victims (DFA)'}],
 'regulatory_compliance': {'regulatory_notifications': 'Filed with Maine '
                                                       'regulators (and '
                                                       'potentially others)'},
 'response': {'communication_strategy': 'Breach notifications filed with '
                                        'regulators (e.g., Maine); letters '
                                        'sent to victims',
              'incident_response_plan_activated': True,
              'recovery_measures': 'Offered two years of identity protection '
                                   'services to victims'},
 'threat_actor': 'Play Ransomware Gang',
 'title': 'Dairy Farmers of America Ransomware Attack and Data Breach',
 'type': ['Ransomware Attack', 'Data Breach']}