3rd Party Risk Management , Fraud Management & Cybercrime , Governance & Risk Management

Ransomware Attack on Supply Chain Provider Causes Disruption

Blue Yonder Outage Causing Disruptions for Starbucks, Major Grocery Store Chains
Ransomware Attack on Supply Chain Provider Causes Disruption
Starbucks said the outage is disrupting its ability to pay baristas for actual hours worked but not its ability to serve customers. (Image: Shutterstock)

Major grocery store chains, Starbucks and other large organizations are experiencing disruptions following a ransomware attack against a key supply chain management software provider.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

The affected service provider, Blue Yonder, first warned customers about the attack on Friday, reporting that the prior day it began experiencing "disruptions to its managed services-hosted environment, which was determined to be the result of a ransomware incident."

Blue Yonder is an independently operated software supplier and consultancy based in Scottsdale, Arizona, that provides supply chain management products and services to businesses. The company's offerings include inventory management and distribution systems, as well as generative artificial intelligence tools designed to streamline existing supply chains.

In a series of breach updates, the company said its response team "is working around the clock to respond to this incident and continues to make progress" but offered no timeline for when services might be restored.

"Since learning of the incident, the Blue Yonder team has been working diligently along with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols," it said. "The experts, along with the Blue Yonder team, are working on multiple recovery strategies and the investigation is ongoing. At this point in time, we do not have a timeline for restoration."

A Blue Yonder spokeswoman told Information Security Media Group: "We have notified relevant customers and will continue to communicate as appropriate."

The company said its investigation to date has found that the Blue Yonder's Azure public cloud environment didn't appear to have been breached by attackers.

One of the organizations affected by the outage is Starbucks, which said it complicates tracking the hours worked by its baristas across its 11,000 North American stores, as The Wall Street Journal first reported.

A Starbucks spokeswoman told ISMG the outage hasn't affected the company's ability to serve customers, but has disrupted access to the backend system employees use to view and manage their schedules, as well as record hours, and said stores are using backup processes in the interim. She said the company will need to reconcile the actual hours baristas have worked, and will ensure employees receive the correct pay as quickly as possible.

Two of Britain's "big four" grocery retail chains, Morrisons and Sainsbury's, also have reported their operations being affected by the Blue Yonder service outage.

Sainsbury's, which counts 600 supermarkets and over 800 convenience stores and also owns consumer goods retailer Argos, said its operations have been affected and it has "contingency processes in place."

Morrisons, which operates 500 stores across England, Wales and Scotland, also confirmed being disrupted. "Last week Blue Yonder suffered an outage which has impacted our warehouse management systems for fresh and produce," Morrisons told ISMG in a statement. "Ambient and frozen [foods] are unaffected. We are currently operating on our back-up systems, and we're working very hard to deliver for our customers across the country."

The disruptions are occurring ahead of Black Friday on Nov. 29, an annual marketing event tied to sales timed for the day after the Thanksgiving holiday in the U.S., although many retailers in the U.S. and abroad begin their respective promotions earlier.

Blue Yonder hasn't detailed which of its customers are affected by the outage, and the company didn't immediately respond to a request for comment. The company's website says its customers also include BJ's Wholesale Club, Crate & Barrel, PepsiCo's Latin America business, Unilever Brazil, Kmart Australia and the U.S. Agency for International Development, aka USAID. Other customers include the two largest supermarket operators in the U.S.: Kroger, which runs brands such as Ralphs, Dillons, Smith's and Fred Meyer; and Albertsons, which also operates stores under the name of other brands, including Safeway, Jewel-Osco and Shaw's.

*Update Nov. 27, 2024 09:06 UTC: This story has been updated with additional information from Blue Yonder.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.