Ransomware attack on supply chain impacts Starbucks
Update, Nov. 27, 2024: This story, originally published Nov. 26 now includes more information from Starbucks as well security experts concerning the wider implications of the Blue Yonder ransomware attack.
A cyber attack, confirmed as being ransomware, against the AI-driven supply chain platform Blue Yonder is having a broader impacts on both sides of the pond: Starbucks in the U.S. is said to be affected as as at least two of the big four U.K. retail supermarket chains. Here’s what we know so far.
Blue Yonder Falls Victim To Ransomware—Retailers Feel The Heat
Blue Yonder describes itself as a world leader in digital supply chain transformation with an AI-driven platform that helps with everything from fulfillment to delivery logistics. When a global retail supply chain player gets hit by ransomware you can be sure the ripples will spread across both sides of the pond, and that’s the case with a cyber attack that was confirmed by Blue Yonder as taking place on Nov. 21. “Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident,” an official statement said, “Our investigation remains ongoing, but please know that our priority is to ensure a safe and secure recovery. At this point in time, we do not have a timeline for restoration.” The last update to the situation from Blue Yonder was posted on Nov. 24 and stated that the incident response continued to progress but was still unable to confirm a timeline for full-service restoration.
Reuters has reported that Starbucks has been affected by the ransomware attack on Blue Yonder, impacting barista schedule management and payments as a back-end process has been disrupted. A Starbucks spokesperson told Reuters that the incident “is not impacting its customer service, and the company was working to ensure its employees were fully paid for their hours worked with limited disruption or discrepancy.”
I reached out to Starbucks for further information, and a spokesperson, who didn’t want to be quoted directly, told me that Starbucks was working as quickly as possible to ensure that all employees were being paid fully for their hours worked and without disruption or discrepancy to the best of its ability. This is because Blue Yonder provided a back-end Starbucks process which enables the employee hours platform, tracking hours worked and also enabling those employees to view and manage their schedules. The Starbucks spokesperson told me that it had been able to process payroll as planned and that company has the functionality in place to ensure those who are scheduled to work on Thanksgiving receive holiday pay as anticipated. Starbucks wanted to clarify that the Blue Yonder incident was having no impact upon customers directly, and its stores were open and serving coffee as usual.
Ransomware Clean-Up On The U.K. Aisle
Two of the big four supermarket chains in the U.K., Morrisons and Sainsbury’s, are also reported to have been impacted by the Blue Yonder ransomware attack.
Meanwhile, a Sainsbury’s spokesperson told the same trade publication that it was “in close contact with Blue Yonder and can reassure our customers we have contingencies in place.”
“The recent ransomware attack on Blue Yonder highlights the importance of having predetermined secure measures in place within supply chains,” Jake Moore, the global cybersecurity advisor at ESET, said. “Organizations need to carry out thorough risk assessments to identify typical vulnerabilities in their supply chain networks, including all those from third-party vendors.” Moore advised that standard security protocols such as regular software updates, staff training and stringent access controls “are often overlooked but fall straight into supply chain attackers’ hands. By proactively addressing known attack entry points,” he concluded, “businesses have a much better chance in resilience against such threats.”
This is a developing story, which I will revisit as more updates about the ongoing impact of, and recovery from, the ransomware attack become available.
