Dairy Farmers of America, a major Kansas-based farmer-owned dairy cooperative, suffered a significant ransomware attack in June, which was later claimed by the Play ransomware group. The attack resulted in unauthorized access to the cooperative's systems, leading to the theft of sensitive personal information belonging to 4,546 individuals. The compromised data included names, dates of birth, Social Security numbers, bank account details, driver's license or state-issued ID numbers, and Medicare or Medicaid numbers.

The breach affected both employees and members of the cooperative, which is responsible for marketing and selling milk and related products from its 9,500 farmer-owners and employs approximately 19,000 people. The organization reported $24.5 billion in revenue in 2022 and is responsible for producing about 23% of all U.S. milk, highlighting the potential impact of the attack on the broader food and agriculture sector.

The attackers gained access to the network through a sophisticated social engineering campaign, which enabled them to bypass security controls and begin exfiltrating data shortly after the initial compromise. Dairy Farmers of America discovered the breach two days after the attack began and subsequently launched an internal investigation, which concluded on September 15. The organization filed breach notifications with regulators in Maine and began notifying affected individuals, offering two years of identity protection services to those impacted.

The Play ransomware group, which has been active since 2022, has been linked to over 900 attacks globally, including dozens of high-profile incidents targeting various sectors. The incident at Dairy Farmers of America is part of a broader trend, with the food and agriculture sector experiencing 84 ransomware attacks in the first quarter of 2025 alone, more than double the number from the same period the previous year. Despite the growing threat, recent bipartisan Senate legislation aimed at improving cyber defenses for the food and agriculture industry has not been enacted.

The breach underscores the increasing use of advanced social engineering tactics by ransomware groups to target critical infrastructure and highlights the ongoing vulnerability of the food supply chain to cyber threats. Dairy Farmers of America did not respond to media requests for further comment regarding the incident. The attack has raised concerns about the resilience of essential services and the need for enhanced cybersecurity measures across the agricultural sector. Regulatory scrutiny is expected to increase as a result of the breach, with potential implications for industry-wide security standards. The incident serves as a stark reminder of the risks posed by ransomware to organizations managing sensitive personal and financial data.

6 events from the most recent confirmed update back to the earliest known activity.
Following the breach disclosure, Dairy Farmers of America said it would provide two years of identity protection services to affected individuals. The offer was part of its response to the exposure of sensitive personal data.
Dairy Farmers of America disclosed in breach notifications, including a filing with Maine regulators, that 4,546 individuals were affected. The notices said exposed data included Social Security numbers, driver's license or state ID numbers, dates of birth, bank account numbers, and Medicare or Medicaid numbers.
The Play ransomware operation was identified as claiming the Dairy Farmers of America incident. The claim linked the June breach to a known prolific ransomware group.
Dairy Farmers of America said it finished its investigation on September 15, 2025. The investigation determined that stolen data included highly sensitive personal, financial, and health-related identifiers.
The cooperative reported that it discovered the unauthorized activity two days after the attack started. This indicates the compromise was identified shortly after the initial June intrusion.
Dairy Farmers of America said a ransomware-related intrusion began in June 2025 after attackers used a sophisticated social engineering campaign to gain access and exfiltrate data. The incident affected employee and cooperative member information.