Security News Blue Yonder ransomware attack disrupts grocery store supply chain

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Supply chain management firm Blue Yonder is warning that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK.

Blue Yonder (formerly JDA Software) operates as a Panasonic subsidiary with an annual revenue of over a billion USD and 6,000 employees.

The company offers AI-driver supply chain solutions to retailers, manufacturers, and logistics providers, encompassing demand forecasting, inventory optimization, and transportation management.

Among its 3,000 customers are high-profile organizations like DHL, Renault, Bayer, Morrisons, Nestle, 3M, Tesco, Starbucks, Ace Hardware, Procter & Gamble, Sainsbury, and 7-Eleven.
On Friday, the company warned that it was experiencing disruptions to its managed services hosting environment due to a ransomware incident that occurred the day before, on November 21.

"On November 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident," reads the announcement.

"Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols."

Blue Yonder claims it has detected no suspicious activity in its public cloud environment and is still processing multiple recovery strategies.
 
Last edited:

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Starbucks forced to pay its baristas manually because of a ransomware attack on third-party software
A ransomware attack has disrupted a third-party software system that Starbucks uses to track and manage its baristas’ schedules, forcing the coffee chain to shift to manual mode to ensure its employees get paid properly, a Starbucks spokesperson said Monday.

Starbucks’ store leadership have advised their employees on how to work around the outage manually, and the company will make sure everyone gets paid for all hours worked, according to Starbucks spokesperson Jaci Anderson.

Starbucks joins a growing list of companies disrupted by the hack of Blue Yonder, an Arizona-based cloud services provider that serves grocery stores and Fortune 500 firms. Two of the top four grocery chains in the United Kingdom told CNN over the weekend that they were taking steps to deal with the Blue Yonder outage.

The Wall Street Journal first reported that Starbucks was impacted by the Blue Yonder hack.

Automaker Ford said Monday that it was investigating any potential impact.

“Ford is aware and is actively investigating if a cyber incident at a third-party supplier has any impact on our operations or systems,” said Ford spokesperson Ian Thibodeau.
Blue Yonder has hired US cybersecurity firm CrowdStrike to recover from the hack, two sources familiar with the matter told CNN. A CrowdStrike spokesperson referred questions to Blue Yonder.
 
  • Like
Reactions: Jonny Quest

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Cybersecurity Incident Update
On Nov. 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident.

Blue Yonder has been working diligently together with external cybersecurity firms and hardened our defensive and forensic protocols.

We are making good progress, several of our impacted customers have been brought back online, and we are actively working directly with others to return them to normal business operations.

Last Updated: December 1, 2024 10:25pm (UTC)
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Blue Yonder SaaS giant breached by Termite ransomware gang
The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder.

Blue Yonder (formerly JDA Software and operating as a Panasonic subsidiary) is an Arizona-based worldwide supply chain software provider for retailers, manufacturers, and logistics providers.

Its list of over 3,000 customers includes other high-profile companies like Microsoft, Renault, Bayer, Tesco, Lenovo, DHL, 3M, Ace Hardware, Procter & Gamble, Carlsberg, Dole, Wallgreens, Western Digital, and 7-Eleven.

BleepingComputer had previously heard that Termite was behind the attack on Blue Yonder, but this could not be independently confirmed.
While the company has yet to reveal how many of its customers were impacted and if the attackers had stolen any data from its compromised systems, the Termite ransomware gang has now claimed the attack today, saying they stole 680GB of files.

"Our team got 680gb of data such as DB dumps Email lists for future attacks (over 16000) Documents (over 200000) Reports Insurance documents," the threat actors claim on their leak site.

Termite is a newly emerged ransomware operation that surfaced in mid-October, according to threat intelligence company Cyjax. It has since listed seven victims on its dark web portal from various industry sectors and from all over the world, including Blue Yonder.
 
  • Like
Reactions: Jonny Quest

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top