Responses to Customer FAQs

Below are answers to common questions regarding the recent cybersecurity incident.

Americold Logistics

On April 26, 2023, Americold Realty Trust, Inc. began to receive evidence that its computer network was affected by a cybersecurity incident. We immediately implemented containment measures and took operations offline to secure our systems and reduce disruption to our business and customers. We have launched a review of the nature and scope of the incident, are working closely with cybersecurity experts and legal counsel, and have reported the matter to law enforcement. We are taking action to resume normal operations at impacted facilities so that we can continue to support customers.

The security and the privacy of data remain a priority at Americold. We will continue to take appropriate measures to further safeguard the integrity of our information technology infrastructure, data and customer information.

The following FAQs provide technical updates for our customers.

June 26, 2023 Update – Security Memo from Mandiant

Since April 26th, Americold has taken methodical steps to rebuild and harden our environment, working closely with Mandiant, a recognized global cybersecurity firm. We were able to continue to operate in multiple environments, including our cloud-based systems, our legacy WMS, EDI, and our Microsoft O365 email, as we confirmed, in consultation with Mandiant, that the systems in these environments are configured safely. 

Since April 26th, Americold has taken methodical steps to rebuild and harden our environment, working closely with Mandiant, a recognized global cybersecurity firm. In response:  

  • We instituted “trusted” IP end-points, meaning only IPs that our partner, Mandiant, has validated as “clean” are able to access our data centers to drive the rebuild.
  • We were able to protect multiple environments including our cloud-based systems, our legacy WMS, EDI, and our Microsoft O365 email.  In consultation with Mandiant, we permitted these systems to operate as we confirmed they are configured safely. 
  • As we continue to bring up environments, we ensure they are scanned and validated as clean before they are put into production. We implemented Mandiant’s Managed Defense service to monitor all endpoints and network traffic and Trellix Agents, installed (and monitored) by Mandiant, on our end-points.

We continue the investigation as these hardening measures are implemented. It is our intent to keep our impacted network locked down as described until we are able to validate to our satisfaction, in consultation with our customers, that it is safe to reopen traffic.

We continue to investigate this incident while we implement hardening measures. It is our intent to keep our impacted network locked down as described until we are able to validate to our satisfaction, in consultation with our customers, that it is safe to reopen traffic.  We will provide updates as information becomes available.

Since April 26th, Americold has taken methodical steps to rebuild and harden our environment, working closely with Mandiant, a recognized global cybersecurity firm. In response:  

  • We instituted “trusted” IP end-points, meaning only IPs that our partner, Mandiant, has validated as “clean” are able to access our data centers to drive the rebuild. This process briefly slowed our rebuild efforts as it took over 12 hours, but our priority was to ensure security validation.
  • We were able to protect multiple environments including our cloud-based systems, our legacy WMS, EDI, and our Microsoft O365 email.  In consultation with Mandiant, we permitted these systems to operate as we confirmed they are configured safely.
  • As we continue to bring up environments, we ensure they are scanned and validated as clean before they are put into production. We implemented Mandiant’s Managed Defense service to monitor all endpoints and network traffic as well as Trellix Agents, installed (and monitored) by Mandiant, on our end-points.

We continue to investigate the incident as these hardening measures are implemented. It is our intent to keep our impacted network locked down as described until we are able to validate to our satisfaction, in consultation with our customers, that it is safe to reopen traffic.

Workstations accessing Americold customer or partner systems will require the following: 

  • A Trellix Endpoint Security agent is installed on the workstation.
  • The system is validated as clean for known IOCs by Mandiant prior to the workstation resuming connectivity with external customer environments.
  • Continual review by Mandiant for new indicators of compromise, in parallel with investigative activities. As an added layer of defense, Americold has enrolled in Mandiant’s Managed Defense. This service provides 24/7 monitoring of Americold systems with Trellix Endpoint Security agents and scopes, investigates, and prioritizes alerts with context from Mandiant’s threat intelligence.