
BIC, Starbucks, Morrisons continue recovery after Blue Yonder ransomware attack

Several major companies are in the process of recovering after a ransomware attack on a third-party technology provider impacted several systems ahead of the Thanksgiving holiday. 

Blue Yonder, a technology firm providing digital supply chain tools to some of the largest companies on the planet, discovered a ransomware attack last Thursday that impacted some of its customers. 

Starbucks spokesperson Abigail Covington told Recorded Future News on Wednesday that the attack on Blue Yonder disrupted a back-end Starbucks process that handles how employees view and manage their schedules and see the number of hours people worked.

“We’re working closely with our vendor to get to resolution. In the meantime, our store leaders and partners have been provided guidance for how best to work around the outage manually,” Covington said. 

“Keeping our partners whole despite the outage continues to be our priority and we’re ensuring they will receive pay for all hours worked. We can confirm we’ve been able to process payroll today, as planned; and we have the functionality in place to ensure those who were scheduled to work on Thanksgiving receive holiday pay as anticipated.”

The outages have not impacted customer services. Several other companies said they too are dealing with supply chain issues in light of the ransomware attack. 

A spokesperson for pen manufacturer BIC said they are “currently experiencing some limited shipping delays as a result of the ransomware attack against Blue Yonder.”

“While the outage does not directly impact our operations, we are working with our partners on contingency plans where needed,” the BIC spokesperson said.

Sainsbury’s — one of the largest supermarket chains in the U.K. — said its services have been restored since it was impacted by the ransomware attack. Another large U.K. supermarket chain, Morrisons, explained that the attack impacted the company’s warehouse management systems for fresh foods and produce.

“We are currently operating on our backup systems and we're working very hard to deliver for our customers across the country,” a representative for the company said.

Dozens of other Blue Yonder customers confirmed to Recorded Future News that they were not impacted by the ransomware attack, including Wegmans, GAP, Mitsubishi, DHL, Tesco, ABB, Walgreens and Carlsberg.

Food manufacturing giant Dole and Oxford University Press declined to comment. 

Blue Yonder has not provided an update on the situation since the weekend, when they said there is no timeline for when they will be able to restore service. No ransomware gang has taken credit for the incident as of Wednesday afternoon. 

Several experts said the attack on Blue Yonder was yet another example of how the reliance on third-party systems endangers entire digital ecosystems.

“While the systems foster innovation, they also amplify systemic risk—issues with one provider can cascade across multiple organizations,” said Nabil Hannan, Field CISO at NetSPI. “They are also logistically complex and resource-intensive. Undocumented dependencies or poorly understood integrations often leave organizations blind to potential vulnerabilities.”

Dan Lattimer, vice president at cybersecurity firm Semperis, warned that hackers are likely hoping to extract ransoms out of food manufacturers ahead of the Thanksgiving and Christmas holidays, when any disruption to the supply chain will leave grocery stores with empty shelves at the worst possible time.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.