Cyber Incident Victim: Sainsbury's
Date: Nov 2024
Location: United Kingdom
Summary
A ransomware attack targeting Blue Yonder, a major supply chain technology provider, disrupted operations for multiple retailers including Starbucks and Sainsbury's. The incident affected critical functions such as employee scheduling, inventory management, and logistics, prompting affected organizations to activate contingency plans to mitigate service interruptions. The attack impacted company-owned Starbucks locations across North America and forced the U.K. grocery chain to implement backup operational procedures to maintain essential services.
Description
On or around November 21, 2024, a ransomware attack targeted Blue Yonder, described as one of the largest supply chain technology providers, disrupting operations for multiple retail clients including Starbucks and U.K. grocery chain Sainsbury’s. The attack compromised systems supporting critical retail functions such as workforce scheduling, inventory management, and supply chain coordination. Starbucks confirmed the incident impacted company-owned stores within its North American network of approximately 11,000 locations, though specific technical details about the intrusion vector or attacker identity remained undisclosed. Sainsbury’s experienced operational disruptions but did not specify the extent of impact across its store network or supply chain infrastructure. Neither retailer confirmed whether customer data was exfiltrated or encrypted during the attack.

Affected organizations activated contingency plans to maintain operations following the Blue Yonder service disruption. Starbucks and Sainsbury’s implemented manual or alternative systems to manage workforce scheduling and inventory processes typically handled by the compromised platform. No public statements disclosed whether ransom demands were issued, paid, or negotiated by Blue Yonder or its clients. The incident highlighted dependencies on third-party supply chain management platforms, with disruptions revealing vulnerabilities in centralized technology providers serving multiple major retailers. Neither Blue Yonder nor the affected retailers provided recovery timelines or detailed assessments of financial or operational losses by the time of initial reporting on November 25, 2024.
