See it and Sell it First at ASI Show Orlando – January 4-6, 2025.   Register Now.

Ransomware Attack Highlights Threat to Supply Chain Management Providers

The hacking of software provider Blue Yonder, which specializes in supply chain logistics, is reportedly affecting clients that include grocery chains and Starbucks.

Key Takeaways

Infiltrated: A ransomware attack on Blue Yonder disrupted supply chains for major grocery providers like Morrisons and Sainsbury’s, as well as Starbucks.


Threat on the Rise: The attack highlights the increasing vulnerability of supply chain providers to cyber threats.


A Stark Reminder: The incident underscores the growing need for robust cybersecurity in industries that include the promotional products space.

A ransomware attack on an Arizona-based supply chain management software provider with domestic and overseas customers, including Fortune 500 firms, has caused challenges for Starbucks, major grocery providers in the United Kingdom and possibly other clients, too.

The attack on Blue Yonder throws into relief what some tech analysts described as the intensifying vulnerability of supply chain businesses to ransomware attacks – a threat about which the promotional products industry should be aware.

Owned by Panasonic after being acquired in 2021, Blue Yonder reported last week that hackers successfully struck its managed hosted services environment. The digital criminals were not, however, able to penetrate the company’s Azure public cloud services, according to Blue Yonder.

Blue Yonder has partnered with external cybersecurity experts to set things right – a process that includes investigating the incident to understand its full scope and putting in place defensive and forensic bulwarks to minimize the impacts.

While the firm reported “steady progress” over the weekend, it wasn’t out of the woods yet: An estimated restoration time wasn’t available as of this Nov. 25 writing.

Starbucks, Grocery Chains Under Pressure

The attack was reportedly affecting two of the biggest grocery chains in the United Kingdom – Morrisons and Sainsbury’s, both of which partner with Blue Yonder for help managing their supply chains.

Morrisons told Cybersecurity Dive that the disruption was affecting its warehouse management system for fresh food and produce. The grocer added that it’s operating on backup systems, trying its best to deliver for customers.

“We have reverted to a backup process, but the outage has caused the smooth flow of goods to our stores to be impacted,” a spokesperson for Morrisons told CNN.

Sainsbury’s, another large grocery chain in the U.K., reported to CNN that it had “contingency processes in place” to deal with the Blue Yonder outage.

$4.88 Million
The average cost of a data breach in 2024, making it the highest average on record.(IBM)

Meanwhile, Starbucks’ back-end processes, including those related to scheduling and hours management, were also reportedly impacted by the hack on Blue Yonder. The coffeehouse chain said the ransomware did not affect the consumer-facing aspects of its business.

To ensure employees get paid properly and that scheduling proceeds apace, Starbucks gave guidance to store leaders and managers on how to work around issues manually.

A Growing Threat

Other Blue Yonder customers have included Kroger, as well as Albertsons, parent firm to U.S. grocery chains such as Safeway. Anheuser-Busch and Procter & Gamble have relied on Blue Yonder, too. It wasn’t clear if any of those companies were being affected, nor was it known if any promotional products industry companies were being hit by the hacking as of this writing.

“The incident highlights the growing vulnerability of supply chain companies to ransomware attacks, which can have far-reaching consequences for businesses and consumers alike,” Tech Monitor reported.

Nearly Double
The average ransomware payout has increased dramatically from $812,380 in 2022 to $1,542,333 in 2023.(SC Magazine)

Just a month ago, OpenText published its third annual 2024 Global Ransomware Survey. The report spotlighted how the threat against supply chain software is on the rise, along with the role of generative artificial intelligence in cybercrime.

“The survey revealed that 62% of respondents had faced a ransomware attack originating from a software supply chain partner within the past year, highlighting the extensive reach of these threats,” Tech Monitor noted.

Certainly, cybersecurity in the promotional product industry has been top of mind for merch executives. At the 2024 ASI Power Summit, industry leaders acknowledged in a panel discussion that it has become a huge concern and that large portions of their information technology budgets go toward protecting their businesses against such attacks.

The panelists shared that, through proper employee training and consistent evolution of systems to account for potential vulnerabilities, businesses can greatly increase their chances of fending off an attack. It’s possible for small and midsized companies, too.

Still, nothing is foolproof, and promo firms large and small have sustained attacks. Counselor Top 40 distributor Staples Promotional Products (asi/120601) suffered an apparent hacking last December.

A 2019 hacking at Counselor Top 40 firm alphabroder (asi/34063) led to a ransom payment. Top 40 supplier Hit Promotional Products (asi/61125) contended with what was described as a cybersecurity incident in March of last year.

Meanwhile, MV Sport/The Game (asi/68318) sustained an attack in September/October 2022. Aakron Line (asi/30270) dealt with a malware issue. HanesBrands (asi/59528) was compromised. Essent Corporation, a promo-focused business management platform, fell prey to an encryption attack in late 2022. Hackers infiltrated a Cisco merch store in September.

Protect Your Business

The National Institute of Standards and Technology offers the following advice to help businesses protect themselves from a ransomware attack.

• Use antivirus software at all times – and make sure it’s set up to automatically scan emails and removable media (e.g., flash drives) for ransomware and other malware.

• Keep all computers fully patched.

• Use security products or services that block access to known ransomware sites on the internet.

• Configure operating systems or use third-party software to allow only authorized applications to run on computers.

• Restrict or prohibit use of personally owned devices on the organization’s networks and for telework/remote access without taking extra steps to assure security.

• Employees should use standard user accounts instead of accounts with administrative privileges whenever possible.

• Employees should avoid using personal applications and websites, such as email, chat and social media, from work computers.

• Workers should avoid opening files, clicking on links, etc. from unknown sources without first checking for suspicious content. For example, an individual can run an antivirus scan on a file or look at a link to see if it really goes to the site it claims to be going to.