Milk distribution was in disarray in Wisconsin this week as one of the state’s larger milk processors, Schreiber Foods, was victimized by hackers demanding a rumored $2.5 million ransom to unlock their computer systems.
A spokesman from Schreiber Foods in Green Bay said on Wednesday it had resumed accepting milk deliveries, producing dairy products and shipping products to customers five days after a "cyber event" halted operations at the company's plants and distribution centers.
The cyberattack on the dairy processor came just as the New York Times published a front-page article headlined “Russia restarts cyber operations, despite rebuke” – referring to Russian-linked hackers. The article, which appeared Monday, Oct. 25, outlines how “Russia’s premiere intelligence agency has launched another campaign” to pierce computer networks of the U.S. government, corporations and think tanks.
Wisconsin milk handlers and haulers reported getting calls from Schreiber on Saturday (Oct. 23) saying that the company’s computer systems were down and that their plants couldn’t take the milk that had been contracted to go there. Haulers and schedulers were forced to find alternate homes for milk. As the situation dragged into days, Wisconsin State Farmer has not been able to confirm any reports of milk getting dumped.
Many calls from Wisconsin State Farmer to Schreiber Foods, over several days, were not returned, but an email statement from Andrew Tobisch, director of communications for Schreiber Foods confirmed that the company had suffered a “cyber event.” He confirmed that it had impacted the company Friday night and that their team had succeeded in getting their systems back up and running by Monday.
In that statement, obtained Wednesday by the Green Bay Press Gazette, he said “we had a systems issue that impacted our plants and distribution centers. It did impact our ability to receive raw materials, ship product and produce product. We’ve made good progress in resolving the issue and our plants and distribution centers have begun to start up again.”
For employees at the Richland Center yogurt production plant, the first sign that something was wrong came when they were unable to get inside the building to go to work.
Tobisch said that he couldn’t go into specifics regarding a ransom request and did not confirm that ransom was demanded, but said the “cyber event” meant that the company’s plants and distribution centers couldn’t use the impacted systems, which they need to run. “It affected all our locations, but fortunately, we have a specialized response team that immediately jumped into action and began working to resolve the matter. As a result, we’ve made great progress, and our plants and distribution centers have begun to start up again.”
The spokesman said that the company is “receiving raw materials and most plants are up and running.”
Schreiber Foods makes natural cheese, processed cheese, cream cheese and yogurt, is an employee-owned company headquartered in Green Bay, Wisconsin. According to the company’s website, it has more than 30 locations around the world – in India, Czech Republic, Portugal, France, Mexico, Spain, Belgium, Brazil, Bulgaria, Germany and the United States.
The company’s Wisconsin plants include Richland Center, West Bend and Green Bay. The company, founded in 1945, has more than 8,000 employees.
“This is serious as hell,” said Pete Hardin, editor and publisher of The Milkweed, a national dairy monthly. “Schreiber is one of the nation’s big marketers of dairy products, including cheese and yogurt and their supply chain extends back to many Wisconsin cheese plants.
“On top of the supply chain and logistical headaches, the industry does not need this,” Hardin said.
Because of the cyberattack, Schreiber is unable to conduct normal ordering of inventories from its suppliers, some of whom confirmed that the hack was real. Milk is backed up at Schreiber facilities and the milk they normally would have taken into their plants ends up going on the market for “distressed” milk, Hardin added. “It’s a lose, lose, lose scenario – the farmer, the cooperative, the cheese plant and other companies that buy ingredients from Schreiber,” he said. “Maybe it’s more like four or five ‘loses’ in that equation.”
Computerized milk-handling systems are involved in raw milk intake at modern dairy plants and systems are responsible for testing raw milk, determining components of that milk as well as inventory, ordering and many other functions. “Everything is computer-controlled these days,” Hardin added. “You add up the numbers and there will be ripples statewide and nationwide that could affect retail and food service sectors as well as farmers and other milk plants.”
The hack highlights the vulnerability of dairy since the raw product is so perishable, he added.
“This is huge,” Hardin said.
It is huge because Schreiber is such a large dairy company. In recent years, Hardin said, the company had a market share of somewhere in the neighborhood of 75 percent of the yellow cheese that goes on fast-food burgers nationally and is a big supplier of sour cream for food service clients.
The upside Hardin added, is that Wisconsin has so many experienced and sophisticated dairy industry people that they take a “live and let live” attitude – helping others out now, knowing that one day they may need help from other industry peers.
Terry Hanson, general manager of Scenic Central Milk Producers Cooperative, confirmed that the Schreiber hack and shutdown were real and had taken place; some of his producers’ milk had to be sent to other dairy plants.
“I don’t know much other than it is real. It happened and it’s nationwide,” he told us.
There was another similar hack on a dairy plant, eight months ago that he was aware of. He questioned why companies want to put all their operations under one computerized system that makes it easier to hack.
As for the last few days, Hanson said some of the state’s dairy co-ops were most likely able to juggle their loads between their own plants but for service co-ops like Scenic Central, it was a bit more challenging. “If it had been planned, we could have handled it a lot better. And of course it happened on the weekend which is always tough,” he said.
Hanson said it was his understanding that Schreiber would be back up and running again on Wednesday, Oct. 27. “I sure hope so,” he added.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) lists food and agriculture as one of 16 critical infrastructure sectors. The agency is a standalone U.S. federal agency, founded in 2018, under the Department of Homeland Security’s oversight.
About a month ago, an Iowa grain cooperative was hacked by a Russian-linked hacking group “BlackMatter,” which demanded $5.9 million to unlock its data. New Cooperative Inc., based in Fort Dodge, proactively took its systems offline to contain the threat, the co-op told The Wall Street Journal.
In that hack, compromised data included financial information, legal and executive information and the source code for a soil mapping input management tool used by the co-op.
In the food and agriculture sector, the Iowa cooperative hack followed the cyberattack on meatpacking giant JBS in May, 2021, which disabled the Brazil-based company’s beef and pork slaughterhouses in the United States, Canada and Australia. Online sources reported that in the twelve months preceding the JBS ransomware attack, more than 40 additional attacks on food producers occurred. Some targets were as large as Molson Coors, the beer maker.
In the JBS hack, the company said it had paid an $11 million ransom to the cyber -criminals so that it could unlock operations in 13 of its meat processing plants and to prevent the destruction of critical data by the hackers.
In Wisconsin, one dairy source, speaking on condition of anonymity, told Wisconsin State Farmer that they knew of a hack that had hit a dairy business in Wisconsin around the time of World Dairy Expo – “and it wasn’t Schreiber.”