Mackay Sugar cyberattack halts Queensland cane harvest

A cyberattack has forced Mackay Sugar to shut its Farleigh and Racecourse mills in northern Queensland, halting cane crushing across the Mackay region in the first week of the harvest.

Mackay Sugar, Australia’s second-largest sugar producer, runs three mills that process about 700,000 tonnes of raw sugar a year. Roughly 1,300 family-owned farms feed cane into the operation, which pulls in around $420 million in annual revenue. German sugar group Nordzucker is the majority owner, having bought the business in 2019.

The shutdown hit at the very start of the crushing season. Both Farleigh and Racecourse had been running less than a week.

“It’s probably better timing for it to happen now than halfway through the crush,” Michelle Martin, Canegrowers Mackay district manager, told the ABC. The season runs June to November. Cane left standing too long loses sugar content fast — every day of downtime shrinks the window for processing the region’s crop.

Mackay Sugar has asked for all harvesting to cease immediately and not resume until further communication comes directly from the company.

— Canegrowers Mackay statement, via chairman Joseph Borg

Growers got cease-harvest notices early Wednesday morning. Andre Camilleri, a cane farmer who supplies the mill, was already out preparing equipment when the 4am call came. “It’s disappointing, and it’s disappointing for the mill staff as well because the crushing has started off on a reasonably good foot,” Camilleri told the ABC.

For the roughly 1,300 farms that supply Mackay Sugar’s three mills, all work has stopped. They are waiting.

Mackay Sugar’s statement confirmed the company has brought in specialist investigators and is working to map the scope of the intrusion. It has not disclosed what kind of attack it is dealing with — ransomware, data theft, or an operational-technology intrusion targeting industrial control systems at the mills themselves.

The incident extends a run of cyberattacks on Australian critical infrastructure that has spread well beyond energy and water. Professor Ryan Ko, a cybersecurity researcher at the University of Queensland, told The Record that food-processing operators make attractive targets. They run lean. They spend little on security. Their downtime carries outsized economic consequences. A data breach at a bank might trigger disclosure obligations; an attack on a food plant can stop physical supply chains within hours.

The sector has been hit before. Meat processor JBS Australia halted operations for three days after a 2025 ransomware attack. The Australian Cyber Security Centre’s most recent threat report flagged food-processing as a sector where operational technology and IT networks have converged faster than security budgets have kept up.

The 700,000-tonne-a-year Mackay operation supplies export markets in South Korea, Indonesia, Japan, and Malaysia. Nordzucker valued the business at roughly $120 million at acquisition and has spent on mill upgrades since, though it has said little publicly about cybersecurity.

Marian, Mackay Sugar’s third mill, has not been caught up. The facility is scheduled to start crushing next week, and growers supplying it have not been told to stop — suggesting the attack’s impact is contained to the two mills already running. The company has given no timeline for restarting Farleigh and Racecourse.

Queensland’s sugar industry generates more than $3 billion in export revenue each year, and the Mackay region accounts for about a quarter of national production. For the growers, the crop cannot wait.