Skip to main content
close search
site logo
Dive Brief

Morrisons recovers warehouse systems following attack on Blue Yonder

The U.K. supermarket chain was one of several high-profile customers impacted by a ransomware attack against the supply chain management software provider.

Published Dec. 6, 2024
David Jones's headshot
Reporter
A worker scans produce at a Morrisons supermarket in 2017. The supermarket chain was impacted by a cyberattack against Blue Yonder in November 2024.
A worker scans produce at a Morrisons supermarket in 2017. The supermarket chain was impacted by a cyberattack against Blue Yonder in November 2024. The company says it has restored normal warehouse operations. Christopher Furlong via Getty Images

Dive Brief:

  • Morrisons, the U.K. supermarket chain, has restored normal operations following the November ransomware attack against Blue Yonder, which disrupted logistics and inventory management at numerous retailers, supermarkets and manufacturers across the globe. 
  • Morrisons, which has about 500 stores across the U.K., said last month the cyberattack led to an outage that impacted its warehouse management system for fresh food and produce. The company says those issues are now resolved.
  • The spokesperson confirmed the hackers did not gain access to Morrisons IT network nor was any customer data under threat. "We have recovered from the Blue Yonder outage quickly and our back up system is working well,” a Morrisons spokesperson said via email.

Dive Insight:

Arizona-based Blue Yonder was hit by a ransomware attack on Nov. 21, just days before the Thanksgiving holiday weekend in the U.S.  

Blue Yonder, which was acquired by Panasonic in 2021, provides supply chain management software that helps companies forecast sales, manage store inventories and automate additional logistics. 

The company’s managed services hosted environment was impacted by the attack. The company has been working with external forensic experts to investigate the impact and said it has taken steps to harden its network environment. 

A new threat group called Termite ransomware claimed credit for the attack in a posting on a dark web leak site, researchers at Arctic Wolf told Cybersecurity Dive. The group, which just launched the leak site in October, claims to have 680GB of Blue Yonder data.

Researchers from Broadcom say Termite appears to use a modified version of Babuk ransomware and have previously claimed victims in Canada, France, Germany and the U.S. among others. 

Blue Yonder said on Sunday it was making progress towards a full recovery and was actively working with customers to help them restore normal operations. 

Starbucks, another major customer of Blue Yonder, said the attack impacted a scheduling platform used by baristas to keep track of their hours worked, but service was otherwise normal. 

The international coffee house chain was working to make sure workers did not have their paychecks delayed. It has not provided an update since last week on restoration efforts.

Filed Under: Breaches, Cyberattacks

Editors' picks

Company Announcements

View all | Post a press release
Rumpke Data Breach Investigation
From Migliaccio and Rathod
December 11, 2024
Only Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Eva…
From Cynet Security
December 11, 2024
Whalebone Ranks Third Straight Year Among Central Europe’s 50 Fastest-Growing Companies
From Whalebone
November 25, 2024
Why Cybersecurity Leaders Trust the MITRE ATT&CK Evaluations
From Cynet Security
December 05, 2024
Editors' picks
Latest in Breaches
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.