Ransomware attack on software supplier disrupts operations for Starbucks and other retailers

NEW YORK — (AP) — A ransomware attack that hit a major software provider last week caused disruptions for a handful of companies over recent days, from Starbucks to U.K. grocery giant Morrisons.

Blue Yonder, which provides supply chain technology to a range of brands worldwide, said that it experienced disruptions to services it manages for customers on Thursday, which the third-party software supplier determined to be "the result of a ransomware incident.”

Some systems went offline, impacting clients using Blue Yonder's software. A spokesperson for Starbucks, for example, said that the chain's ability to manage barista schedules and track hours was disrupted — meaning store leaders across North America are currently being instructed to use manual workarounds.

Starbucks maintained that the outage is not impacting how customers are served and that ensuring workers get paid for all hours worked is a top priority. While the company continues to work towards full recovery, the spokesperson added that Starbucks was able to process payroll again as of Tuesday morning.

Two of the U.K.'s biggest grocers, Morrisons and Sainsbury's, were also affected — with both telling CNN over the weekend that they had turned to contingency plans to keep operations flowing. A spokesperson for Morrisons confirmed to The Associated Press that the outage "impacted our warehouse management systems for fresh and produce" and that it was continuing to operate on back up systems Tuesday.

Sainsbury's, meanwhile, said Tuesday that its service was restored.

Blue Yonder declined to disclose how many of its customers were impacted by the hack. In a statement sent to the AP, a spokesperson maintained that it had notified “relevant customers” and would continue to communicate as needed.

The spokesperson also maintained that recovery efforts were still underway — noting that Blue Yonder "has been working diligently together with external cybersecurity firms to make progress,” including the implementation of several defensive and forensic protocols.

Blue Yonder's website touts an extensive global roster of customers — including Gap, Ford and Walgreens. Walgreens and Gap were not impacted following the ransomware attack, spokespeople for the companies said. Ford shared that it was investigating whether the incident affected its operations earlier this week, but had no further updates when reached Tuesday.

Blue Yonder, based in Arizona, is a subsidiary of Japan's Panasonic Corp. Panasonic acquired the supply chain software firm in September 2021.