Tech firm Blue Yonder – a ransomware attack on which downed the supply chain systems at several major supermarkets – has told clients their shopper and supplier data is safe, The Grocer understands, after a hacker group took credit for the attack and claimed it had stolen thousands of emails and documents.
The attack on Blue Yonder in November saw Morrisons, Sainsbury’s and Starbucks forced to use manual pen and paper workarounds and back-up systems to continue day-to-day operations. Blue Yonder in December said it had “experienced disruptions to its managed services hosted environment” which was “determined to be the result of a ransomware incident”.
A hacker group called Termite has since claimed credit for the attack, stating on its dark web site that it had successfully stolen 680GB of data, including databases, 16,000 email addresses “for future attacks”, and “over 200,000” documents including reports and insurance documents.
“We are aware that an unauthorised third-party claims to have taken certain information from our systems in connection with the ransomware attack that occurred last November,” a Blue Yonder spokeswoman told The Grocer. “We are working diligently with external cybersecurity experts to address these claims and the investigation remains ongoing. If we determine that any personal data associated with a particular customer was impacted, we will notify the customer.”
It is understood many supermarket customers have been assured by Blue Yonder their customer and supplier data is safe, despite the group’s claims.
According to cyber security experts, the Termite group is relatively new, having become active last April. It uses “aggressive double extortion tactics” according to cyber security firm SOCRadar – demanding payment to decrypt files and then more to not leak them publicly.
The group claims to have hacked several victims, including automotive parts supply chain tech firm Nifast, French water softener brand Culligan, and the government of the French island overseas department of La Réunion.
In the wake of the attack, Morrisons lost control of management systems for fresh, produce and bread, suffering a “total network shutdown” of its 21 warehouses in seven locations, and initially reverted to a manual contingency using picking sheets. The supermarket built an entirely new warehouse management system to maintain stock levels, which group director for logistics, supply chain and technology Ross Eggleton said its “exceptional response” to an “unprecedented event” marked an “achievement of the year” for the industry.
Sainsbury’s was also impacted by the outage but restored its service with Blue Yonder within weeks. The attack has also hit Starbucks in the US. A spokesperson for the coffee chain said it had “disrupted a back-end Starbucks process that enables employee scheduling and time tracking”. The business reverted to manual processes to ensure employees were paid for their hours worked.
No comments yet