326/69 Wednesday, June 17, 2026
Mackay Sugar, one of Australia’s major sugar producers, disclosed that the company experienced a cyberattack on June 10, 2026, which affected some of its operations. Mackay Sugar operates three main sugar mills: Farleigh, Marian, and Racecourse, with an annual raw sugar production capacity of approximately 700,000 tonnes for both domestic and export markets. The incident occurred during a critical period when the mills were expected to operate continuously, meaning any disruption could affect harvesting, transportation, and the delivery of cane to the mills.
The company stated that it prioritized employee safety, the protection of operational systems, and business continuity. It also engaged cybersecurity experts to investigate the incident, notified relevant authorities, and established manual work processes to keep critical functions running. However, the company has not disclosed which systems were affected, whether industrial operational technology (OT) systems were involved, or whether any data was stolen. On June 12, the company was able to resume limited manual operations at Farleigh Mill, using only cane that had been cut before the incident. Systems related to cane delivery, harvesting, and cane intake at the mills had not yet fully resumed operations.
In an update on June 15, 2026, Mackay Sugar reported progress in restoring systems that support cane supply, harvesting, and mill operations. The company began conducting steam trials to verify the readiness of boilers and processing equipment before resuming full operations and expected that limited harvesting could resume within the week. At the same time, The Gentlemen ransomware group, tracked by Microsoft as Storm-2697, claimed responsibility for the attack and added Mackay Sugar to its Tor-based data leak site on June 15. However, no data had been published at the time of reporting. It remains unclear whether the attackers directly accessed industrial control systems or whether the operational impact was mainly caused by disrupted IT systems. This is a key issue for assessing the recovery timeline and the safety of bringing the mills back online.