Arla Foods expects its factory in Germany affected by a cybersecurity incident to be “back to normal” in the coming days.

Last week, the Lurpak and Castello owner said “suspicious activity” had hit the co-op’s IT network at its plant in the German town of Upahl. The incident had affected production.

In a statement sent to Just Food today (20 May), a spokesperson for the dairy giant said: “During the next few days, we expect the site to be back to normal. Production has not been affected at other Arla sites. We have already been in contact with those of our customers who are affected by potential delivery delays and disruptions.”

Just Food has asked Arla for further details on the nature of the incident.

Arla generated sales of €1.27bn ($1.42bn) in Germany in 2024, up 1.5% on a year earlier. Germany is Arla’s third-largest market by annual sales behind the UK and Sweden.

In 2024, Arla’s group revenues reached €13.8bn, a rise on the €13.7bn generated a year earlier.

According to Arla’s 2024 annual report, the cooperative employed 1,635 staff in Germany last year. Its total headcount was 23,632.

Last month, Arla announced plans to merge with DMK, the largest dairy co-op in Germany.

The pair said in a joint statement the deal would create “the largest dairy cooperative in Europe”, with members in Denmark, Sweden, the UK, Germany, Belgium, Luxembourg and the Netherlands.

The transaction could bring a combined, pro-forma revenue of €19bn to the new entity, which would carry the Arla name and be headquartered in Denmark.

In 2024, DMK generated revenue of €5.1bn, down from €5.5bn a year earlier. Its brands include Milram, Oldenburger, Uniekaas, Alete Bewusst and Humana.

According to a Rabobank report published last August, Arla was the seventh-largest dairy group worldwide, based on 2023 financials. DMK ranked 18^th.

Earlier this month, Oettinger Getränke, the German beer and soft-drinks group, said it was investigating a cyberattack on the business.

In a brief statement, the privately owned company confirmed the breach and said it was looking into the “potential” for data leaks.

According to specialist publication Cybernews, ransomware group Ransom House claimed it held data from the brewer.

"Arla cyber-hit plant nears “normal” operations" was originally created and published by Just Food, a GlobalData owned brand.

The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.