The world’s biggest meat supplier has become the latest casualty of a cybersecurity attack, posing a fresh threat to global food security already rattled by the COVID-19 pandemic.
JBS SA shut its North American and Australian computer networks after an organized assault on Sunday on some of its servers, the company said by email. Without commenting on operations at its plants, JBS said the incident may delay certain transactions with customers and suppliers.
The attack sidelined two shifts and halted processing at one of Canada’s largest meatpacking plants, while the company canceled all beef and lamb kills across Australia, industry website Beef Central said. Some kill and fabrication shifts have also been canceled in the U.S., according to a union Facebook post.
Hackers now have the commodities industry in their crosshairs with the JBS attack coming just three weeks after the operator of the biggest U.S. gasoline pipeline was targeted. It’s also happened as the global meat industry battles lingering COVID-19 absenteeism after recovering from mass outbreaks last year that saw plants shut and supplies disrupted.
The cyber assault affected a Canadian beef plant in Brooks, Alberta, about 190 kilometers (118 miles) east of Calgary, on Monday, according to Scott Payne, spokesman for United Food and Commercial Workers Canada Union Local 401. The facility accounts for more than a quarter of the nation’s capacity, and according to a job ad, processes about 4,200 head of cattle a day.
“There are no unionized workers there,” Payne said in a phone interview. “That means effectively the plant’s operations have shut for the day.” JBS didn’t respond to requests for comment on the Canadian closure.
A JBS packaging facility in Belleville, Ontario, where beef, pork and salmon are prepared for grocery stores, was operating normally, said Tim Deelstra, a spokesman for UFCW Canada Local 175. In the U.S., the UFCW Local 7 posted on Facebook that kill and fabrication shifts A and B had been canceled for June 1. The Local 7 membership includes 3,000 workers at JBS in Greeley, Colorado.
Sao Paulo-based JBS owns facilities in 20 countries. Australia and New Zealand account for 4% of the company’s revenue, while the U.S. represents 50% and Canada 3%, according to company fillings. The company also has operations in South America and Europe.
Backup servers fine
Backup servers were not affected, and the company is actively working to restore systems as soon as possible, according to a statement from JBS USA Monday. The processor said it’s not aware of any customer, supplier or employee data being compromised or misused.
A ransom-ware attack forced Colonial Pipeline Co. to stop the flow of fuel for several days in May, causing severe gasoline shortages.
The Australian Cyber Security Centre is providing technical assistance to JBS, while Agriculture Minister David Littleproud has said the government is working with international partners trying to trace, rectify and prosecute where possible, those who perpetrated the attack.
JBS is the largest Australian meat and food processor with a portfolio of beef, lamb, pork, and value-added branded products, according to its website. It exports to more than 50 countries and its Dinmore facility is the biggest beef plant in the southern hemisphere. On the domestic market, the Australian Meat Industry Council said there is no indication that the attack will have a major impact on red meat and pork products supply.
Still, the shutdown is a big concern for exports if it drags on, said Matt Dalgleish, manager of commodity markets insights at Thomas Elder Markets, noting Australia ships overseas about 70%-75% of red meat products from sheep and cattle. There is a risk to worldwide supplies too.
“If it’s a short term scenario, just a week or something that they’re offline, then it’s probably just a minimal hiccup,” said Dalgleish. But “given the size of JBS globally, if they were offline for any more than a week, then we’re going to see disruption to supply chains for sure,” he said.