A ransomware attack on Blue Yonder, a supplier of supply chain software, is affecting major companies worldwide. Among others, Starbucks, Jumbo, Hema along with other supermarkets worldwide are experiencing disruptions in their logistics processes.
Blue Yonder was hit on Nov. 21 by a ransomware attack that disrupted the company’s managed services environment. This is causing problems for companies that rely on its logistics and workforce management software. Starbucks reports disruption to employee timekeeping and payroll. Still, stores remain operational, thanks to temporary manual processes.
In the Netherlands, Jumbo and Hema are also experiencing disruption. Hema has had to shut down some systems, slowing down logistical processes. A spokesman stressed toWarehouseTotaal that this is not causing empty shelves in the stores. “It is a lot more work, but fortunately we have backup systems. We have not had to use extra people and there will be no empty shelves in the stores,” said the Hema spokesperson.
Jumbo reports similar problems, with no impact to customers. FloraHolland and DHL, also users of Blue Yonder, report no inconvenience.
In the United Kingdom, supermarkets such as Morrisons and Sainsbury’s are experiencing logistical disruptions, according to ComputerWeekly. At Morrisons, suppliers had to delay deliveries, while Sainsbury’s switched to emergency procedures.
Timing is not coincidental
The timing of the attack, just before Thanksgiving and the U.S. holiday season, suggests that the perpetrators wanted to cause maximum disruption. U.S. retailers using Blue Yonder, including major supermarket chains, are preparing for possible supply implications.
Security experts stress the importance of third-party risk management. Organizations should be prepared for supplier disruptions, for example, through alternative procedures and simulation training. This helps minimize operational downtime in future incidents.
Blue Yonder’s recovery is ongoing, with support from outside security specialists. A timeline for full operational recovery has not yet been shared. The attack underscores the vulnerability of supply chain systems and the need for robust security measures.
You can follow all of Blue Yonder’s updates live through their status page.