Campbell Soup says summer cyberattack caused limited business impact

Campbell Soup Co. said it discovered a cyber intrusion in part of its IT network during the end of its fiscal fourth quarter, according to a disclosure in its annual report filed Thursday with the Securities and Exchange Commission

The Camden, N.J.-based food manufacturer said it took immediate steps to investigate, contain and eliminate the threat, hired third-party cybersecurity experts and notified federal law enforcement.

The company’s fiscal fourth quarter ended July 30 and news of the attack surfaced on Aug. 3.

Campbell Soup disclosed an “IT-related complication” at a factory in Napoleon, Ohio, according to a report by WTOL. The company told the station that impacted systems had been restored and operations would be back to normal. 

The Toledo Blade reported the plant was offline for three days and employees were temporarily sent home. 

The attack had a limited impact on the company’s business and was not material to the company’s financial results or operations, according to the SEC disclosure. 

During the company’s fiscal fourth-quarter earnings call on Aug. 31, CFO Carrie Anderson said the company would incur some costs related to the incident, but said it was nonmaterial, according to a transcript of the call.

The company product line includes a variety of soups, beverages and snacks, including Campbell’s soup, Pepperidge Farm cookies, Pop Secret popcorn, V8 juices and other foods.

A spokesperson for the company said the attack did not impact any systems that connect with customers or suppliers. The company has cyber insurance coverage and is “working with our insurer to make claims under the policy.”

Editor’s note: This story has been updated to include comment from company.