Blue Yonder, a supply chain software company serving clients across the UK and the US, has disclosed a ransomware attack that disrupted its private cloud services. The attack on 21 November 2024 impacted several key customers, including major grocery chains and Fortune 500 companies.
The Arizona-based firm, acquired by Panasonic in 2021, stated that the incident impacted its managed services hosted environment, but its Azure public cloud services remained unaffected. Blue Yonder confirmed the attack in an initial statement released last week and provided updates over the weekend, reporting “steady progress” in recovery efforts, but without providing a specific timeline for restoration.
Immediate impact on UK grocery chains
The ransomware incident caused operational disruptions for several Blue Yonder clients, including major UK supermarkets. Morrisons, one of the country’s largest grocery retailers with nearly 500 stores, reported that the outage had disrupted the flow of goods to its outlets. “We have reverted to a backup process, but the outage has caused the smooth flow of goods to our stores to be impacted,” said a spokesperson from Morrisons.
Sainsbury’s, another major UK grocery chain, confirmed it had activated contingency plans to manage the disruption.
In the US, Blue Yonder serves major grocery retailers such as Albertsons, the parent company of Safeway and Jewel-Osco, and Kroger, the operator of Ralphs and Fred Meyer. However, neither company confirmed whether its operations were affected.
Other high-profile clients of Blue Yonder, including Procter & Gamble and Anheuser-Busch, did not comment on potential impacts from the attack.
Blue Yonder stated that it is working with external cybersecurity experts to investigate and recover from the incident. The company has implemented defensive and forensic protocols to safeguard its systems and prevent further breaches.
In a public statement on 23 November, the firm emphasised its commitment to transparency. “The Blue Yonder team is continuing to work around the clock, together with our external cybersecurity firms, to safely restore systems, resulting in steady progress,” the firm said. “Our investigation remains ongoing, but please know that our priority is to ensure a safe and secure recovery. At this point in time, we do not have a timeline for restoration.”
On 24 November, Blue Yonder reported continued progress in its restoration efforts but noted that it still could not provide a definitive timeline for full recovery.
The incident highlights the growing vulnerability of supply chain companies to ransomware attacks, which can have far-reaching consequences for businesses and consumers alike. In October, OpenText published its third annual 2024 Global Ransomware Survey, shedding light on the impact of software supply chain vulnerabilities and the role of generative artificial intelligence (AI) in cybercrime. The survey revealed that 62% of respondents had faced a ransomware attack originating from a software supply chain partner within the past year, underscoring the extensive reach of these threats.