Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack

Blue Yonder, a supply chain software provider, suffered a ransomware attack, impacting operations for clients like Starbucks and grocery stores.

A ransomware attack on Blue Yonder disrupted operations for several customers, including Starbucks and U.K. grocery chain Sainsbury.

“A ransomware attack has disrupted a third-party software system that Starbucks uses to track and manage its baristas’ schedules, forcing the coffee chain to shift to manual mode to ensure its employees get paid properly, a Starbucks spokesperson said Monday.” reported CNN. “Starbucks’ store leadership have advised their employees on how to work around the outage manually, and the company will make sure everyone gets paid for all hours worked, according to Starbucks spokesperson Jaci Anderson.”

The incident occurred on November 21, 2024, causing widespread disruptions to the company’s managed services hosted environment. Blue Yonder confirmed it was the victim of a ransomware attack.

Since learning of the security breach, the company immediately started incident response procedure with the help of external cybersecurity firms, including CrowdStrike.

“On November 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident.” reads the statement published by the supply chain management software provider.

“With respect to the Blue Yonder Azure public cloud environment, we are actively monitoring and currently do not see any suspicious activity.”

The incident response team is working to recover impacted systems and investigate the security breach. is ongoing, however at this time, the company does not have a timeline for restoration.

In the last unpdate published on November 24, 2024, Blue Yonder said that they are working around the clock to respond to this incident and continue to make progress.

At this time, no known ransomware group claimed responsibility for the attack. It’s unclear if the attackers have stolen information from the company.

Blue Yonder Group, Inc. (formerly JDA Software Group) is an American supply chain management company operating as an independent subsidiary of Panasonic.

Blue Yonder serves a variety of industries, including retail, manufacturing, and distribution, and is known for helping organizations streamline their operations and enhance customer satisfaction. It was previously known as JDA Software before rebranding to Blue Yonder in 2020 and was acquired by Panasonic Corporation in 2021 to strengthen its AI-driven supply chain solutions.

The company has more than 6,000 employees and over 3,000 customers across 76 countries.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)