A ransomware attack has disrupted a third-party software system that Starbucks uses to track and manage the schedules of its baristas, forcing the coffee chain to switch to manual mode to ensure its employees are paid properly, it said a Starbucks spokesperson Monday.
Starbucks store management has advised their employees on how to manually work around the outage, and the company will ensure everyone gets paid for all hours worked, Starbucks spokesperson Jaci Anderson said.
Starbucks joins a growing list of companies disrupted by the hack of Blue Yonder, an Arizona-based cloud services provider serving grocery stores and Fortune 500 companies. Two of the four largest supermarket chains in the United Kingdom told CNN this weekend that they are taking steps to resolve the Blue Yonder outage.
The Wall Street Journal first reported that Starbucks was affected by the Blue Yonder hack.
Automaker Ford said Monday it is investigating possible consequences.
“Ford is aware and is actively investigating whether a cyber incident at a third-party vendor has any impact on our operations or systems,” said Ford spokesman Ian Thibodeau.
A range of large multinational companies use Blue Yonder cloud services to manage their supply chains. The company has declined to answer questions about which of its customers were affected by the hack. Blue Yonder’s latest public statement said it is “working around the clock to respond to this incident and continues to make progress.”
Since the hackers struck last week, Blue Yonder has been trying to work with US customers to mitigate any impact on customers.
Blue Yonder has hired US cybersecurity firm CrowdStrike to recover from the hack, two sources familiar with the matter told CNN. A CrowdStrike spokesperson referred questions to Blue Yonder.
Ransomware attacks typically lock down computer systems, allowing hackers to demand extortion fees. According to crypto tracking firm Chainalysis, cybercriminals will have extorted a record $1.1 billion in ransoms from victim organizations around the world in 2023, despite efforts by the US government to cut off their funding flows.
Ransomware attacks are ubiquitous year-round, but the holidays can be a particularly opportune time for hackers to strike as businesses rush to fulfill orders.
Cybersecurity firm Semperis found that 86% of organizations surveyed in the United States, United Kingdom, France and Germany that experienced ransomware attacks were targeted during a holiday or weekend.
The disruption is the latest challenge facing Starbucks’ new CEO Brian Niccol, who is struggling with three straight quarters of declining sales.
For more CNN news and newsletters, create an account at CNN.com
