Starbucks has restored its employee scheduling platform after a ransomware attack targeted its supply chain software provider, Blue Yonder. This breach, which we reported on November 26, affected numerous customers and raised significant concerns about data security and operational disruptions in the retail sector.
Starbucks restores employee scheduling after ransomware attack
Blue Yonder reported that most of its impacted customers, including Starbucks, have returned to normal operations following the attack. A spokesperson for the company confirmed, “A significant majority of our impacted customers have had their service restored.” Despite this recovery, Blue Yonder is continuing to assist clients still affected by the incident, ensuring they are kept updated throughout the restoration process.
The attack was attributed to a group known as Termite ransomware, which has claimed responsibility on a leak site. Blue Yonder is aware of these claims and is actively working with law enforcement as well as external forensic experts to investigate the breach further. The extent of the damage and the specific methods used by the attackers remain unclear as investigations are ongoing.
Starbucks confirmed the restoration of its scheduling platform on December 12, 2024. Prior to the system’s recovery, the coffee chain had to manually track barista hours to ensure timely employee payments during the disruption. A spokesperson for Starbucks emphasized the importance of vigilance in the coming weeks to verify that employees are paid accurately. The company clarified that the ransomware attack caused disconnection from Blue Yonder’s technology rather than direct access to its internal systems.
In addition to Starbucks, other customers affected by the Blue Yonder breach include the U.K. supermarket chain Morrisons, which also confirmed the restoration of operations after its warehouse management system faced disruptions from the attack. Blue Yonder’s technology serves a broad array of global clients, encompassing retailers, logistics companies, and manufacturers, which underscores the potential widespread impact of such security incidents.
Featured image credit: Marques Thomas/Unsplash
