Starbucks forced to pay its baristas manually because of a ransomware attack on third-party software

Sean Lyngaas | 11/26/2024, 9:30 a.m.
The Starbucks logo is seen on September 21. Mandatory Credit: Matthias Balk/picture alliance/Getty Images via CNN Newsource

A ransomware attack has disrupted a third-party software system that Starbucks uses to track and manage its baristas’ schedules, forcing the coffee chain to shift to manual mode to ensure its employees get paid properly, a Starbucks spokesperson said Monday.

Starbucks’ store leadership have advised their employees on how to work around the outage manually, and the company will make sure everyone gets paid for all hours worked, according to Starbucks spokesperson Jaci Anderson.

Starbucks joins a growing list of companies disrupted by the hack of Blue Yonder, an Arizona-based cloud services provider that serves grocery stores and Fortune 500 firms. Two of the top four grocery chains in the United Kingdom told CNN over the weekend that they were taking steps to deal with the Blue Yonder outage.

The Wall Street Journal first reported that Starbucks was impacted by the Blue Yonder hack.

Automaker Ford said Monday that it was investigating any potential impact.

“Ford is aware and is actively investigating if a cyber incident at a third-party supplier has any impact on our operations or systems,” said Ford spokesperson Ian Thibodeau.

A range of major multinational corporations use Blue Yonder cloud services to manage their supply chains. The company has declined to answer questions about which of its clients were affected by the hack. Blue Yonder’s latest public statement says it is “working around the clock to respond to this incident and continues to make progress.”

Since the hackers struck last week, Blue Yonder has been scrambling to work with US-based clients to mitigate any impacts on customers.

Blue Yonder has hired US cybersecurity firm CrowdStrike to recover from the hack, two sources familiar with the matter told CNN. A CrowdStrike spokesperson referred questions to Blue Yonder.

Ransomware attacks typically lock computer systems so that hackers can demand an extortion fee. Cybercriminals extorted a record $1.1 billion in ransom payments from victim organizations around the world in 2023 despite US government efforts to cut off their money flows, according to crypto-tracking firm Chainalysis.

Ransomware attacks are pervasive throughout the year, but the holiday shopping season can be a particularly opportune time for hackers to strike as companies rush to fill orders.

Cybersecurity firm Semperis found that 86% of surveyed organizations in the United States, United Kingdom, France and Germany that faced ransomware attacks were targeted on a holiday or weekend.

The disruption is the latest challenge facing new Starbucks CEO Brian Niccol, who is grappling with three consecutive quarters of declining sales.