Overview
- Mackay Sugar first disclosed a cybersecurity incident on June 10 and by June 12 had restarted a limited manual crush at Farleigh Mill to process cane already harvested before the attack.
- Company updates on June 15 said steam trials and validation are underway and that a staged restart of crushing is planned, but growers and harvesters were told not to resume harvesting until the mills clear safety checks.
- The Gentlemen ransomware group, tracked by Microsoft as Storm-2697, listed Mackay Sugar on its dark‑web leak site on June 15 but had not published stolen data at the time of reporting.
- Mackay Sugar has not confirmed whether data were exfiltrated or whether operational technology and industrial control systems were directly compromised, and that uncertainty shapes both the pace and safety checks for recovery.
- The timing during crushing season raises immediate risks for growers because unprocessed cane loses sugar content and earns lower payments, and the incident highlights a broader trend of prolific double‑extortion ransomware groups using data leaks to pressure victims.