Supply chain software provider Blue Yonder reports ransomware attack
Blue Yonder, a major supply chain software provider servicing numerous supermarkets and Fast-Moving Consumer Goods (FMCG) suppliers, is reporting a ransomware attack affecting their private cloud infrastructure.
Blue Yonder specializes in demand forecasting and replenishment, automated ordering, as well as warehouse and transportation software. The company has established a dedicated task force to investigate and address the issue, working alongside external cybersecurity firms, and has notified their private cloud customers of the situation.
The incident is causing significant disruptions to supply chain operations across multiple major retailers in the UK, with the company acknowledging that "ransomware has been detected, which is currently impacting our private cloud."
The impact has been so severe that Morrisons is warning its wholesale and convenience customers that availability on some lines may drop as low as 60%. Sainsbury's, which recently completed the rollout of a comprehensive new 'Supply Chain Transformation Programme' using Blue Yonder's solutions across fresh, frozen, and ambient categories, has also been impacted. However, the supermarket has stated it has contingency procedures in place to mitigate the impact, with a spokesperson confirming they are in close contact with Blue Yonder and have measures in place to reassure customers. Other major retailers such as Asda and Waitrose, while also using Blue Yonder's software, have reported they are currently not affected by the incident.
The full scope of the breach, number of affected organizations, and potential data compromise have not been publicly disclosed.
The ransom demand amount and identity of the threat actors remain unknown, and no information about data exfiltration has been released.
Update - as of 25th of November 2024, Starbucks reports that the Blue Yonder software incident has disrupted payroll and scheduling systems across 11,000 North American stores, forcing managers to manually calculate employee pay while the company temporarily compensates workers based on scheduled rather than actual hours worked. Starbucks assures that customer service remains unaffected and has committed to reconciling any payroll discrepancies once systems are restored.
As of 6th of December 2024, the Termite ransomware gang has claimed responsibility for the breach. According to their claims, they exfiltrated 680GB of data including:
- Database dumps
- Email lists containing over 16,000 entries
- Over 200,000 documents
- Reports
- Insurance documents