Arla Foods, a global dairy cooperative headquartered in Denmark, has confirmed a cyberattack that temporarily disrupted production at its Upahl, Germany facility, leading to delivery delays and potential product cancellations. The incident was first reported late last week and has since prompted emergency IT containment and recovery efforts.
The company clarified that only the Upahl site was impacted and emphasized that production at its other locations across Europe and beyond remained unaffected. However, disruptions at even one major plant could impact the firm’s logistics and distribution chains.
Suspicious IT Activity Triggers Operational Shutdown
In a statement to BleepingComputer, an Arla Foods spokesperson revealed the attack was detected following suspicious activity in the IT systems at the Upahl dairy site. As a safety precaution, the company temporarily halted production while it initiated mitigation protocols and began forensic investigations.
“Due to the safety measures initiated as a result of the incident, production was temporarily affected,” said the spokesperson.
The cyberattack has not been officially classified, and no further details about data encryption, exfiltration, or ransomware involvement have been disclosed by Arla. The company declined to confirm whether any data was stolen or encrypted. As of now, no Arla-related breach has been reported on any known ransomware extortion portals.
Arla Working Toward Full Restoration at Affected Site
Arla Foods told BleepingComputer that full operations at the Upahl facility are expected to resume within days.
“Since then, we’ve been working diligently to restore full operations. We expect to return to normal operations at the site in the next few days,” the company stated.
While most Arla sites remain unaffected, the Upahl shutdown has caused downstream disruption, particularly for local and regional delivery schedules.
The company has begun notifying impacted customers about the potential for product delays and order cancellations. These notifications are critical for Arla’s retail and B2B customers, which span multiple geographies.
High-Profile Dairy Brand with Global Reach
Arla Foods is among the largest dairy producers in Europe and is owned by a cooperative of 7,600 farmers. The company employs over 23,000 people across 39 countries and reports annual revenues of €13.8 billion ($15.5 billion).
Its prominent consumer brands include Arla, Lurpak, Puck, Castello, and co-branded Starbucks dairy products, with product distribution across 140 countries. Given the scale of its operations, even localized cyberattacks have the potential to create ripples in its complex supply chain.
Nature of the Attack Still Unclear
As of now, Arla has not attributed the incident to any known threat group and there is no confirmation of ransomware involvement. The absence of a listing on data leak sites suggests the attack may have been either a failed ransomware attempt or another form of targeted disruption.
The incident aligns with a growing pattern of cyberattacks targeting critical infrastructure and food production facilities, sectors that are increasingly vulnerable due to digital transformation and reliance on just-in-time logistics models.
Arla has not commented on whether it engaged external cybersecurity consultants or law enforcement but stated it continues to prioritize the safety and security of its IT systems and customers as part of ongoing incident response measures.
