Ransomware attack on Blue Yonder impacted retailers worldwide, including Morrisons and Sainsbury's

Ransomware attack on Blue Yonder impacted retailers worldwide, including Morrisons and Sainsbury’s

U.S.-based end-to-end supply chain technology services provider Blue Yonder said it experienced a cyber security incident that affected operations of major retailers across the UK.

 

Headquartered in Scottsdale, Arizona, Blue Yonder is a supply chain management company operating as an independent subsidiary of Panasonic. It has more than 3,000 clients globally, including several major retailers such as Morrisons, Sainsbury’s, Tesco, Starbucks, Renault, Procter & Gamble and more.

 

In a data security incident notification posted on its website, Blue Yonder said that on November 21, it experienced disruptions to its “managed services hosted environment”. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The investigation revealed that the company suffered a ransomware attack that involved threat actors infiltrating its network, injecting malicious code and encrypting certain vital systems.

 

“The experts along with the Blue Yonder team are working on multiple recovery strategies and the investigation is ongoing. At this point in time, we do not have a timeline for restoration,” Blue Yonder said. “With respect to the Blue Yonder Azure public cloud environment, we are actively monitoring and currently do not see any suspicious activity.”
 
The company in two separate updates reiterated that its investigation in ongoing and is working towards recovering affected systems are ongoing but could not provide a restoration timeline.

 

Morrisons and Sainsbury’s, two of the UK’s largest retail chains, confirmed being affected by the Blue Yonder ransomware attack.

 

In a statement shared with CNN, a Morrisons spokesperson said, “We have reverted to a backup process but the outage has caused the smooth flow of goods to our stores to be impacted.”

 

A spokesperson for Sainsbury’s said the grocery store chain had “contingency processes in place” to deal with the incident.

 

Operational disruptions were reported in the U.S. too. In a statement shared with the Wall Street Journal, a Starbucks spokesperson said that the ransomware attack disrupted the organisation’s ability to pay baristas and manage their schedules, forcing them to manually calculate employees’ pay.