Starbucks HR processes reportedly disrupted by Blue Yonder breach

Starbucks has been impacted by a cyberattack on a third-party vendor.

A ransomware attack on one of its software vendors has reportedly caused issues for Starbucks’ scheduling and shift-tracking activities.

According to CNBC, Starbucks Coffee Company has confirmed that a ransomware attack on one of its third-party software vendors has shut down the platform it uses to let store associates view their schedules and store managers and corporate officials keep track of the hours they have worked.

Starbucks told CNBC that it is cooperating with the vendor to resolve the issue with the platform and is still able to perform these workforce management processes manually. Customer service in its stores has reportedly not been affected.

While Starbucks has not publicly identified the vendor which experienced the ransomware attack, the Wall Street Journal (which initially reported the incident) said enterprise software provider Blue Yonder, whose clients include Starbucks, announced on Thursday, Nov. 21 that its services had been affected by ransomware and it was working to fix the problem.

"Keeping our partners (associates) whole despite the outage continues to be our priority and we’re ensuring they will receive pay for all hours worked," Starbucks said in a statement to the Wall Street Journal.

According to the Wall Street Journal, Starbucks is paying store associates for their previously scheduled shifts and will make any adjustments based on actual hours worked once its workforce management software is back online.

In commentary emailed to Chain Store Age, James McQuiggan, security awareness advocate at cybersecurity platform provider KnowBe4, said a ransomware attack means cybercriminals have already been inside an organization’s network, data, and infrastructure for some time.

"While no one likes unwanted visitors in their homes, having cybercriminals sitting in the network is just as unnerving," said McQuiggan. "Organizations must prepare for these types of attacks and be fully aware of the steps they need to take to remove unwanted visitors and address data loss, breaches, or loss of trust with their clients or customers."

According to McQuiggan, these steps include having a well-documented and reviewable incident response (IR) plan with regular testing.

"As part of the IR plan, backup and recovery processes must be routinely tested and isolated from production environments to allow for rapid recovery and reduce the leverage of attackers demanding ransom," said McQuiggan.
