News / UK supermarket supply chains hit by Blue Yonder cyber attack

Dreamstime

Services may once again be operational – but a cyber-attack against US-based supply chain SaaS provider Blue Yonder has added further worries to logistics companies around ongoing geopolitical instability.

The attack, which occurred last Thursday (21 November) hit an unknown number of Blue Yonder customers, but in the UK supermarkets Morrisons and Sainsbury’s both confirmed that their systems had been knocked out of action.

As of yet, Morrisons has responded to requests for comment, but a Sainsbury’s spokesperson told The Loadstar “our service has since been restored” although they would not be drawn on how long the system was down, the impact it had had, nor if a backlog had been created.

However, Morrisons’ suppliers told The Grocer the attack left them unable to deliver stock to depots, one noting on Friday it had “cancelled” all of its chilled orders for the day as a result, with Morrisons warning customers some stock lines may fall below 60% availability.

A statement on Blue Yonder’s website said that it had determined the disruption “to be the result of a ransomware incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process”.

It added: “We have implemented several defensive and forensic protocols. The experts along with the Blue Yonder team are working on multiple recovery strategies, and the investigation is ongoing. At this point in time, we do not have a timeline for restoration.”

Stressing in its last update, on Sunday night, that its team “was working around the clock to respond to this incident,” it was nonetheless unable to share any further updates regarding the complete restoration of services, asking customers check back “over the coming days”.

Cyber security expert and founder and chief executive of Dynarisk Andrew Martin told The Loadstar: “Unfortunately this is the second attack effecting UK food distribution in less than a month after Microlise earlier in November.

“While we do not know yet how hackers got in, companies should ensure they are managing identities and privileged access, using EDR solutions on endpoints, training staff members on information security policies and monitoring for cyber threat intelligence.”

Mr Martin also suggested companies consider cyber insurance and that those in the food supply ecosystem consider this latest attack an opportunity to learn from and ensure “they are taking appropriate steps for their organisations to protect themselves and their customers”.

DHL Supply Chain, as well as other leading UK supermarkets, Asda, Tesco, and Waitrose, also count themselves among Blue Yonder’s customer base, but they avoided being affected, a Tesco spokesperson confirmed to The Loadstar.

Meanwhile, with no group having come forward to claim responsibility, the attack comes in the wake of a series of threats that Russia may choose to target western supply chains as a response to the continuing support Ukraine has received from the Europe and the US.

Suspicions have already been cast on Moscow for a series of fires that have broken out across logistics warehouses since the summer, while the crash of an aircraft operated on behalf of DHL has also had people raising questions.