Several days after Monsanto Corp. confirmed that one of its servers was hacked earlier this year, there is still little information about why it was targeted.
The company realized on March 27 that the server had been breached, according to a May 14 letter from Monsanto subsidiary Precision Planting’s senior counsel, Reuben Shelton, to Maryland Attorney General Doug Gansler’s office.
We know that the system is used by Precision to manage the agricultural equipment services it provides to about 1,300 farmers, customers and Precision employees, whose credit card data, personal details and other information are stored on the server, according to the Wall Street Journal.
We also know that Monsanto doesn’t believe that whoever is behind the breach was seeking to obtain sensitive customer information.
“We believe this unauthorized access was not an attempt to steal customer information; however, it is possible that files containing personal information may have been accessed and therefore we are making this notification,” the May letter stated.
Monsanto believes that the issue “has been contained,” according to the letter, which added that Precision would notify people potentially affected by the security breach. And the company is taking steps to beef up security.
“While no system can be completely secure, we believe our new security protocols will provide significant protection for customer data,” Monsanto spokeswoman Christy Toedebusch said, according to ag news outlet Agri-Pulse.
What we don’t know is why Monsanto was hacked. No one has come forward to publicly accept responsibility for the breach, which is not the first the agricultural giant and frequent protest target has experienced. In March 2012, the Anonymous “hacktivist” collective posted employee email addresses and other information it stole from the Monsanto’s website online in response to the company’s “continued attack on the world's food supply, as well as the health of those who eat it.”
There is no indication yet as to who is behind the most recent security breach, but a number of theories have emerged.
Independent security analyst Graham Cluley wrote a blog post probing potential reasons for the hack. He posited that Precision could have been a “stepping stone” site perceived to have “‘softer’ security” than the main Monsanto page, which would have been the real target under this scenario.
He also considered the concept that protesters associated with the anti-GMO movement -- which spawned the worldwide March Against Monsanto demonstrations -- could have been behind the breach.
“I’m sure the guys behind March Against Monsanto wouldn’t condone anyone breaking the law or being involved in a hack, but I wouldn’t be surprised to discover it was someone who had an [understandable] grudge against the company who was responsible for this attack,” he wrote.
A commenter on Cluley’s post suggested it may have been “another Chinese commercial espionage attack” aimed at acquiring Monsanto’s intellectual property.