Starbucks using pen and paper after Blue Yonder supply chain ransomware attack


Blue Yonder, the world’s leading supply chain technology provider, was hit by ransomware last Thursday. Now, several national chains across the US and UK, including Starbucks, are reporting using pen and paper to track employee hours and pay just days before the Thanksgiving holiday.

As reports of contingency plans and handwritten time sheets emerge from national brands like Starbucks and at least two major UK grocery chains, Sainsbury's and Morrisons, the fallout is unclear for the dozens of other Blue Yonder-serviced supermarket chains and retail stores as consumers kick off the holiday season.

Blue Yonder, a US third-party supply chain management company, announced in an initial statement on Friday that its “managed services hosted environment” was hit with ransomware on November 21st.


A company spokesperson told Cybernews on Monday that since it became aware of the incident, “the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process and have implemented several defensive and forensic protocols.”

“Blue Yonder can confirm that ransomware has been detected, which is currently impacting our private cloud,” the company said in a second statement released over the weekend, adding that it was making “steady progress” but could not provide any specific timeline for restoration.

“This is not impacting our public cloud or commerce customers, nor does it impact the on-premise Advanced Store Replenishment solution,” Blue Yonder said.


The company website states that Blue Yonder’s “Advanced Store Replenishment” (ASR) digital system effectively manages inventory by projecting sales and automatically placing orders based on store and item sales.  

The entire ASR system is cloud-based, and although it's unknown how many Blue Yonder customers utilize the software-as-a-service (SaaS), several global chains have already reported having system-wide issues, including Starbucks, as well as UK supermarket chains Sainsbury's and Morrisons.

At least half a dozen supermarket brands and convenience stores, with hundreds if not thousands of locations in the US, could be impacted, including Associated Food Stores, Kroger, Albertsons, Harris Teeter, Wegmans, BJ’s Wholesale Club, and Love’s Travel Stops, although there are no reports as of Monday.


Nick Tausek, Lead Security Automation Architect at Swimlane, says that “cyberattacks tend to spike around the holidays as threat actors exploit heightened activity and the increased pressure on retailers.”

"As a key software provider for grocery retailers across the US and UK, Blue Yonder plays a critical role in ensuring smooth operations. When such vendors become the target of an attack, the consequences can cascade across the supply chain, impacting a wide spread of businesses and customers," Tausek explained.

"With Thanksgiving approaching, US grocery retailers face heightened risks of delays, potentially leaving stores scrambling to meet demand during one of the busiest times of the year," Tausek said.

In a strange twist of fate, earlier this month, the US division of global food retail giant Ahold Delhaize was also breached by hackers.

The attack impacted operations at several of its national grocery brand chains, including Stop & Shop, Food Lion, Hannaford, and Giant Food, with customers reporting bare grocery shelves across the Northeast.

Although local Stop & Shop stores in some areas say the grocery chain is "largely recovered" from the November 8th attack, as of last week, some shoppers were still reporting empty shelves, according to one X user from Boston.

Ransomware attack ripple effect

"The attack on Blue Yonder highlights the profound ripple effects that cyberattacks on supply chain vendors can have on organizations," Tausek said, pointing out that these types of third-party attacks are "particularly challenging due to vendors being so deeply integrated" with their customers' business operations.


A prime example is the impact on Starbucks. With 11,000 North American locations, the coffee conglomerate says its store managers have reverted to using pen and paper to track their workers' hours to calculate paychecks due to the supply chain breach, the Wall Street Journal reported Monday.

"Keeping our partners (baristas) whole despite the outage continues to be our priority, and we're ensuring they will receive pay for all hours worked," Starbucks reportedly said.


Meanwhile, Sainsbury's and Morrisons, two of the largest grocery chains in the UK, with more than 2,000 stores altogether, said they were taking steps to deal with the outage, CNN reported Sunday.

A representative for Sainsbury's said the disruption had triggered its “contingency processes,” while a spokesperson for Morrisons said “the smooth flow of goods to our stores was impacted” and it had “reverted to a backup process,” CNN reported.

Tausek noted that while the full extent of this particular breach "remains unclear," the fact that the UK grocery chains have already reverted to backup processes "underscores the operational disruption caused by the incident."

Major UK food chains and Blue Yonder clients Asda, Waitrose, and Tesco appear to be unaffected at this time.

Dozens of Fortune 500 brands use Blue Yonder

Headquartered in Arizona with dozens of offices across Europe, Asia, South Africa, Australia, and the UAE, Blue Yonder stated that an internal task force “is investigating and addressing this issue alongside external cybersecurity firms.”

No ransomware group has come forward to claim the attack. Furthermore, it is not clear if sensitive data belonging to the supply chain behemoth’s nearly 8,000 employees or over 3,000 global customers has been compromised.


“We have notified our private cloud customers and will continue to communicate as appropriate,” the company's official statement on the matter concluded. All further updates on the incident can be found on the Blue Yonder website.


At least half a dozen supermarkets, brands, and convenience stores, with hundreds if not thousands of locations in the US, use Blue Yonder software, including Associated Food Stores, Kroger, Albertsons, Harris Teeter, Wegmans, BJ’s Wholesale Club, Love’s Travel Stops, drug store chain Walgreens, Anheuser-Busch, Carlsberg, and even Dole foods.

Besides grocery & convenience, Blue Yonder technology is used across more than half a dozen industry sectors, including apparel, footwear, consumer goods, specialty retail, industrial manufacturing, warehouse management, automotive, life sciences, technology, logistics, and more.

Additionally, with the upcoming holiday gift-giving season, its list of customers that could encounter issues includes major consumer brands and stores such as Ford, Mitsubishi, Michelin, Renault, L.L.Bean, REI, DSW, Petco, Nestle Purina, Oxford press, Microsoft, Lenovo, Micron, Bic, Bayer, Merck, and DHL.

"Prioritizing the security of not only the company’s own IT infrastructure but also the access and credentials of third-party vendors becomes essential," Tausek said.

"Leveraging automated platforms to centralize incident detection and breach reporting can help organizations efficiently respond to threats," he added.
