Michigan Sugar Data Breach Affects 16,689 People

Michigan Sugar Company, a major grower-owned agricultural cooperative based in Bay City, Michigan, recently suffered a data breach that has affected thousands of individuals across the United States.

On Aug. 14, 2025, the company detected suspicious activity within its network, later confirming that an unauthorized third party had gained access to certain systems. The intrusion was traced to the ransomware group known as Akira, which publicly claimed responsibility on the dark web on Sept. 5, 2025, alleging the theft of 40 GB of sensitive data, including financial records, employee and customer information, confidential documents, non-disclosure agreements and other files containing detailed personal information.

Following a thorough investigation, Michigan Sugar Company determined on Dec. 17, 2025, that the files accessed by the attackers included personally identifiable information (PII) such as names and Social Security numbers.

According to the Maine Attorney General disclosure, a total of 16,689 individuals in the United States were affected by the breach, with two of those residing in Maine. The company notified impacted individuals via written notice on Jan. 30, 2026.

Michigan Sugar Company's response

In response to the incident, Michigan Sugar Company engaged third-party cybersecurity specialists to investigate the breach, assess the extent of unauthorized access and secure its systems. The company undertook a comprehensive review to determine the nature of the compromised data and identify the individuals impacted.

To support those affected, Michigan Sugar Company is offering complimentary credit monitoring and identity restoration services through IDX for up to one year. Impacted individuals are encouraged to enroll in these services by following the instructions provided in their notification letter.

The company has also provided detailed guidance on protecting personal information, including steps to place a fraud alert or credit freeze with the major credit bureaus, tips for monitoring financial accounts and resources for reporting identity theft to law enforcement and regulatory agencies.

Given the nature of the breach and the types of information exposed, it is especially important for affected individuals to remain vigilant. Monitoring credit reports, reviewing account statements for suspicious activity and taking advantage of the provided credit monitoring services are strongly recommended.

Anyone who receives a notification from Michigan Sugar Company should consider placing a fraud alert or credit freeze on their credit file to help prevent unauthorized use of their information.