fb-pixelHackers hit Hood. Dairy shut down milk production this week after ‘cyber security event.’ - The Boston Globe Skip to main content

Hackers hit Hood. Dairy shut down milk production this week after ‘cyber security event.’

Dairy says plants are ‘getting back up and running’ but N.H. school district warns milk supply could be delayed

The giant HOOD milk bottle outside of Boston Children's Museum. The beloved Boston-area dairy apparently fell victim to a cyberattack that prompted it to shut down production this week.David L. Ryan/Globe Staff

It’s not just passwords, credit card data, or personal records. Now, it appears the hackers have come for our milk and Hoodsies.

H.P. Hood Dairy said Friday that it was the target of a “cyber security event,” that forced it to temporarily shut its 13 dairy plants around the country this week. The closures meant Hood had to get rid of some dairy products, and the company warned there could be delivery delays for some customers as Hood’s facilities get “back up and running.”

A spokesperson for the Lynnfield-based company said Hood made the decision to halt production out of an “abundance of caution,” after learning late last week about an incident that affected its IT systems.

Advertisement



“We are grateful to our employees for their hard work and efforts and our customers for their patience and understanding,” spokeswoman Lynne Bohan wrote in a message to the Globe.

Hackers have long targeted organizations with sensitive information, such the federal government, or critical infrastructure like fuel distribution networks. Groups with ties to Russia are blamed for two prominent cyberattacks last year targeting the Colonial pipeline and the JBS meat packing facility, and there are growing fears of more from Moscow amid Russia’s war in Ukraine. But Hood’s struggles this week are a sign that cyberthreats can extend even to the most wholesome of consumer products. Not the even the 175-year-old maker of the Hoodsie is immune.

During the shutdown, Bohan said, Hood was unable to manufacture products or receive new raw materials, including milk. The company tried to divert its deliveries, but an unspecified amount of milk had to be “disposed of.”

Hood also asked its roughly 3,000 employees to refrain from using company-issued equipment while its “IT team and others” worked to resolve the issue.

Advertisement



It’s not clear whether Hood’s distribution to grocery stores was disrupted.

Bob Rudis, chief researcher at Boston cybersecurity firm Rapid7, said it will be difficult to speculate what happened at Hood until the company releases more information. But since the company called the situation a “cybersecurity event,” he said it was most likely an attack.

“That is pretty much what it sounds like,” he said. There are “a whole bunch of things attackers could have done to internal systems to have [Hood] say, ‘Shut everything down.’”

Hackers could have deployed a denial-of-service attack, which would make Hood’s internal network unavailable, caused its systems to reboot constantly, or introduced malware. Even if Hood was initially unaware of what caused the issue, Rudis said, it was smart for the company shut down its facilities and discourage employees from accessing company devices. That might have allowed Hood to contain the issue, rather than letting it cascade into a larger problem, which could take longer to fix.

From its mid-19th-century start in Charlestown, the increasingly national company has grown to generate about $2.7 billion in annual sales, with plants as far afield as Virginia and California. Hood sells milk products under its own brand name, as well as others, including Blue Diamond Almond Breeze, Planet Oat, and Green’s Ice Cream. Its products have fed generations of New Englanders, and its milk cartons are a common feature of school snack time across the region.

Representatives from CVS, Shaw’s, Star Market, and Stop & Shop — which sell Hood’s milk, ice cream, and sour cream in Boston — did not respond to questions about whether they expect product delivery delays.

Advertisement



But one school district in New Hampshire sounded the alarm earlier this week.

A spokesperson for the Contoocook Valley School District in Peterborough, N.H., said its food vendor, Fresh Picks Cafe, notified them on Tuesday that HP Hood had experienced a “significant cyber hack” that shut the business down.

Officials there posted a blog note notifying families of the situation, saying they would offer water or juice as a substitute if milk supplies ran out. After all, as the post put it, Hood is “the largest producer of milk in eight-ounce packaging” in the region.

“With school settings, you have to have 8-ounce cartoons,” a district spokesperson said Friday. “We can’t just go to the local dairy and pour glasses of milk.”

So far, Contoocook Valley still has a supply of milk for students. But to meet USDA guidelines for what counts as a reimbursable school lunch, the district sought a waiver from the state in case it is not able to obtain fresh milk due to the Hood disruption.

In Massachusetts, no schools have requested such a waiver or expressed concerns about the HP Hood milk situation to the Department of Elementary and Secondary Education, said spokesperson Colleen Quinn. And Michael DeAngelis, a spokesperson for New England Dairy, a Boston-based nonprofit that represents regional dairy farmers, said he does not anticipate any “shortages for milk for schools and other locations” because of the incident.

Advertisement



“Hood has been managing it,” DeAngelis said. “I know they have things back online.”

Though the Hood plants are functioning again, Rudis said most companies that manufacture goods have a manual backup systems, which are typically separate from their internal network. These manual plans are often used to protect against power outages or storms, but could also be helpful during a cyberattack, he said.

“They may have had a good plan,” he said, since it appears Hood’s facilities were down for only a few days. “That gives them time to deal with the internal system.”


Anissa Gardizy can be reached at anissa.gardizy@globe.com. Follow her on Twitter @anissagardizy8 and on Instagram @anissagardizy.journalism.