Arla Foods Acknowledges Cybersecurity Breach Impacting Production and Leading to Operational Delays

Publish date: 19.05.2025

Blog

19.05.2025

Arla Foods sign

Arla Foods has recently acknowledged that it suffered a cyberattack that has significantly disrupted its production operations. The company clarified that the attack specifically impacted its facility in Upahl, Germany, and anticipates that this disruption may lead to delays or cancellations of product deliveries.

“We can confirm that we have identified suspicious activity at our dairy site in Upahl, which affected the local IT network,” stated an Arla representative. “Due to the safety measures implemented in response to the incident, production was temporarily affected.”

As a major global dairy producer and a farmer-owned cooperative, Arla Foods has a membership base of 7,600 farmers and employs approximately 23,000 individuals across 39 countries. The company reports an annual revenue of €13.8 billion (approximately $15.5 billion), with products including the well-known brands Arla, Lurpak, Puck, Castello, and Starbucks available in 140 countries worldwide.

Currently, the company is focused on restoring normal operations at the affected facility, with expectations to resume full production within the week. “We are actively working to restore operations, and we anticipate returning to normal at the site in the coming days. It is important to note that production at other Arla locations remains unaffected,” the spokesperson added.

As reports of disruptions at Arla’s operations emerged on Friday, concerns about potential shortages have been raised. “We have reached out to our affected customers to inform them of possible delays and cancellations in deliveries,” the spokesperson explained.

Inquiry into the nature of the attack has revealed no indications of data theft or encryption, which are commonly associated with ransomware attacks. At this time, Arla has opted not to disclose further details regarding the incident.

Notably, there have been no reports of Arla’s involvement on ransomware extortion portals, leaving the specifics of the attack and its perpetrators largely unknown.