Blue Yonder has confirmed that it is investigating a significant cybersecurity breach following claims from a ransomware group, Termite, which has threatened to publish stolen data. The supply chain management software provider was targeted by cybercriminals in a ransomware attack on 21 November, causing widespread disruptions to its services.

The company, which supports major clients such as DHL, Sainsbury’s, Starbucks, Morrisons, and Walgreens, initially reported the incident as a ransomware attack but did not disclose further details. However, last week, the Termite group took responsibility for the attack, claiming on its dark web site that it had stolen 680GB of sensitive data, including documents, insurance papers, and email lists. Termite has warned that it plans to use the stolen data for future cyberattacks unless its demands are met.

Client disruptions and operational impact

In a statement, Blue Yonder acknowledged the claims made by the hackers and confirmed it was working with external cybersecurity experts to investigate the breach. The company has not yet confirmed the full extent of the data stolen, nor has it disclosed any ransom demands. “We are aware that an unauthorised third party claims to have taken certain information from our systems,” said Marina Renneke, a spokesperson for the company, as reported by TechCrunch. “We are working diligently with external cybersecurity experts to address these claims.”

The attack has disrupted operations for several of Blue Yonder’s high-profile clients. UK supermarket chains Morrisons and Sainsbury’s both reported significant disruptions, particularly in their supply chain operations. The former, which operates nearly 500 stores across the UK, confirmed that the outage had affected the smooth flow of goods to its outlets, forcing the retailer to revert to backup processes. Starbucks, meanwhile, experienced issues with its payroll systems, as the cyberattack significantly delayed employee pay processing. Managers were required to manually calculate wages as a result.

While the company’s Azure public cloud services were not impacted, Blue Yonder’s private cloud services, which host the affected clients, were severely disrupted. Blue Yonder has assured its customers that recovery efforts are underway, and the company has kept them apprised of its progress.

The ransomware group responsible for the attack, Termite, is relatively new but has already targeted multiple organisations across various sectors. Experts have linked the group to the infamous Babuk ransomware gang, which was behind several high-profile breaches and ransom payouts in recent years. Researchers have noted that Termite’s ransomware appears to be a modified version of Babuk’s strain, further adding to the concern surrounding the sophistication of the attack. Blue Yonder continues to work with forensic experts to assess the damage, and the company has yet to provide an update on the number of clients impacted.
