Costa Group's Corindi berries site data hacked

Fresh produce giant Costa says it experienced "a malicious and sophisticated IT phishing attack" on August 21.

The company has undertaken an "intensive recovery and detailed review" of the breach in conjunction with external IT security consultants.

According to a statement on the company's website, access to data was confined to a single server at the Costa Corindi (NSW) site, which holds data for the berry category.

It said only about 10 per cent of the data on the Corindi file server was accessed.

"These protective actions slowed operations, requiring the use of manual workarounds at certain sites and delayed some deliveries," the statement said.

"The impacts have largely subsided as we have restored the majority of our network and systems and there was no loss of data, and no material impact to operations, or earnings.

"Although only approximately 10pc of the data on the file server was accessed, it is not clear what specific data was accessed due to the hacker encrypting their downloads."

Costa operates principally in five core categories: berries, mushrooms, glasshouse tomatoes, citrus and avocados, covering more than 7200 planted hectares of farmland, 40 hectares of glasshouse facilities and three mushroom growing facilities across Australia.

It also has strategic foreign interests, with majority owned joint ventures covering six blueberry farms in Morocco and four berry farms in China, covering about 740 planted hectares.

Costa has assured clients, workers and investors that much of the information was stored on the server was not personal information, but there was still a possibility.

"However there is a risk that personal sensitive information of workers on Costa's Australian berry farms may have been accessed," it said.

"To date, there is no evidence that any personal information has been leaked or uploaded to any sites."

This includes employees directly hired by Costa's berry category since 2013 or provided by labour hire organisations since 2019.

With legal requirements surrounding the employment of citizens and non-citizens, certain records such as passport details, bank details, superannuation details and tax file numbers are kept on file.

Costa has notified the relevant authorities of this attack, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

COSTA has reportedly stepped up its digital protection against any further malicious attack, including limiting traffic to servers, increasing the level of end point protection and scheduling additional employee training relating to phishing and social engineering practices.

"To minimise impact to individuals from the attack, we have been and continue to conduct continuous monitoring of the dark web to detect if any information from the server has been posted," the Costa statement said.

"We can confirm to date, that we have not identified the publication of any such information. We will seek to notify you promptly if our monitoring processes detect this information via a further website posting on the Costa Group website."

The company has established a dedicated number (1300 282 470) and e-mail address (cybersecurity@costagroup.com.au) for any potentially impacted workers to contact who may have questions or concerns.

ACCORDING to cyber security expert and Forcepoint APAC strategy director Nick Savvides, the threat of cyber attacks was increasing as the agricultural sector becomes more automated and more devices are hooked up to networks.

"Agriculture is one of the critical industries; we depend on it to feed ourselves and to feed the world. That makes it an attractive target to cyber criminals," he said earlier this year.

IN OTHER NEWS:

Mr Savvides said cyber criminals pick victims based on several parameters.

Considerations included the likelihood of a business paying, ease of access to the environment and how critical the technologies are, and how prepared the business is to deal with an attack.

Mr Savvides said agricultural businesses were easy targets because generally they haven't spent much money on cyber security.

"They don't have the same level of sophistication, they don't have the same level of investment in security, they haven't traditionally considered themselves with such issues," he said.

In August, an Australian computer hacker managed to hack a John Deere tractor display by installing the 1990's video game Doom.

Costa is the latest agriculture company to be stung by a cyber security breach.

Last year, Russian hackers targeted the world's largest meat processing company, JBS causing a five-day shutdown of its meat processing plants in Australia, which affected 10,000 workers.

In 2020 Australia's wool sales and food and beverage company Lion's production both came to a halt due to separate attacks.

IT'S been a rough period for Costa, with its chief executive officer and managing director Sean Hallahan stepping down on September 26 having only come into the CEO role in March last year.

Mr Hallahan cited an "intense couple of years in agriculture made even more challenging with the overlay of the COVID-19 pandemic" as part of the process of reaching his decision.

Costa chairman Neil Chatfield said during Mr Hallahan had played a pivotal role in Costa's development and growth in the five years he had been with the organisation.

"We understand that the last two years, particularly in Victoria, have taken a large toll on the business and personal lives of individuals," Mr Chatfield said.

"Under Sean's leadership Costa has performed extremely well during a challenging period with global COVID-19 disruptions and extreme weather conditions being successfully navigated and is in a strong financial position."

Mr Hallahan said he was proud to leave Costa in a strong position financially and operationally.

"It has been a privilege to lead Costa and to have been part of an outstanding team of people for five years. I wish Costa and its employees all the best for the future," he said.

The company has appointed former CEO Harry Debney as interim CEO. Mr Debney led the organisation from from 2010 to April 2021.