Starbucks, Grocers Revert to Manual Processes After Ransomware Attack on Third-Party Software System
Blue Yonder, an Arizona-based cloud services provider, was hit by a ransomware attack last week that disrupted a number of its managed services. Now, the ramifications are being felt by the company’s customers.
Some stores of global coffee chain Starbucks have had to revert to old-fashioned pen-and-paper employee scheduling and have reported difficulties in processing payroll, relying on manual calculations, The Wall Street Journal reported. Around 11,000 stores in North America have been affected.
The attack has also affected multiple major UK supermarket chains, including Morrisons and Sainsbury’s, disrupting fresh and produce warehouse management systems. A spokesperson for Morrisons told CNN that the chain had reverted to backup processes to get goods to stores promptly. Morrisons' suppliers said they were unable to fulfill deliveries due to the software outage.
Although Blue Yonder counts multiple major U.S. supermarkets as its clients, the impact to those businesses—if any—remains publicly unknown.
“Coming ahead of the busy holiday retail period, and just days before the U.S. Thanksgiving break, the cyber attack on Blue Yonder has prompted discussion that the incident was specifically timed to cause the maximum amount of disruption,” wrote ComputerWeekly.com.
Cybersecurity firm Semperis vice president Dan Lattimer told the outlet that “This attack was likely calculated as the hackers are aware that the Thanksgiving holiday is approaching and disruptions in the supply chain will leave many grocery stores in the U.S. with empty shelves at the worst possible time.
“While details on the specifics of the Blue Yonder attack are scant, it is yet another reminder how damaging supply chain disruptions become when suppliers are taken offline,” he continued.
Semperis research found that 86 percent of participants in a study who experienced a ransomware attack were targeted on a weekend or holiday, when staffing is more likely to be reduced. More than 80 percent of organizations surveyed said they reduced security operations center (SOC) staffing by as much as 50 percent on holidays and weekends. Nearly 5 percent of respondents said their SOC is not staffed at all on holidays or weekends, according to the Semperis 2024 Ransomware Holiday Report.
As of 24 November, Blue Yonder has not provided an official restoration timeline.