A ransomware attack on Blue Yonder, a key supply chain management software provider, has disrupted operations at Starbucks, forcing the company to revert to manual processes for managing employee schedules and payroll systems.
Blue Yonder, headquartered in Arizona, disclosed on November 21 that its managed services hosted environment had been compromised, leading to widespread service interruptions. The company promptly initiated an investigation and began working to restore affected services. As of November 24, Blue Yonder reported steady progress but could not provide a timeline for full restoration.
The company provides AI-driven supply chain solutions tailored for retailers, manufacturers, and logistics providers, with capabilities that include demand forecasting, inventory optimization, and transportation management.
The issues at the coffee giant were first reported by The Wall Street Journal on Monday. The company has enlisted a U.S cybersecurity firm CrowdStrike to aid its investigation and recovery efforts but has shared few details about the nature of the attack. Notably, no ransomware group has claimed responsibility. Typically, such groups only publicize attacks and release stolen data if ransom negotiations fail or payment is refused.
In a statement Monday, Blue Yonder said it had notified relevant customers about the incident and “will continue to communicate as appropriate.”
“Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident,” said Marina Renneke, a company spokesperson. “Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols.”
Blue Yonder, which serves over 3,000 clients across 76 countries, offers an end-to-end supply chain platform used by retailers, manufacturers, and logistics providers. The attack has disrupted operations for several major customers including Starbucks.
In the UK, supermarket chains Morrisons and Sainsbury’s have also been affected. Morrisons, which relies on Blue Yonder for warehouse management, has turned to a manual backup system, impacting supplier deliveries and product availability. Sainsbury’s confirmed disruptions but stated it has contingency plans in place to minimize the impact.
Other notable companies, including Albertsons, Kroger, Ford, Procter & Gamble, and Anheuser-Busch, also utilize Blue Yonder’s solutions. However, it remains unclear whether these firms have experienced any direct effects from the incident.
Ransomware attacks, which typically lock computer systems to extort payments from victims, resulted in a record $1.1 billion in global ransom payments in 2023. This surge occurred despite efforts by the U.S. government to disrupt hackers’ financial networks.
Such attacks are a year-round threat but are especially prevalent during the holiday shopping season, as companies rush to meet increased demand. Cybersecurity firm Semperis reports that 86% of ransomware attacks on organizations in the U.S., U.K., France, and Germany occurred on holidays or weekends, exploiting reduced staffing and heightened activity.
The recent ransomware attack on supply chain software provider Blue Yonder, which forced Starbucks to revert to manual scheduling and payroll processes, adds to the challenges facing new CEO Brian Niccol. The company is already dealing with three consecutive quarters of declining sales, complicating recovery efforts.
Source: https://www.linkedin.com/pulse/starbucks-hit-ransomware-attack-tech-provider-skbee/
