This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter.

Blue Yonder is making progress toward a full recovery following a pre-Thanksgiving ransomware attack, the company said Sunday. A number of impacted customers are back up and running. 

The Arizona-based supply chain technology company was the target of a Nov. 21 ransomware attack, which impacted its managed services hosted environment. Major companies, including Starbucks and U.K. supermarket chain Morrisons, dealt with operational disruptions in connection with the attack.

“We are making good progress, several of our impacted customers have been brought back online, and we are actively working directly with others to return them to normal business operations,” a Blue Yonder spokesperson said via email.

Morrisons, which has about 500 stores in the U.K., said the Blue Yonder attack led to an outage in its warehouse management systems for fresh food and produce. The company on Monday said the situation has significantly improved. 

“We are recovering quickly and our back up system is working well,” a spokesperson said via email. 

There are still some supermarkets where some products are not fully available, but the chain said it is making good progress, Morrisons said.  

Starbucks last week said the attack impacted an internal platform the company uses to track hours worked by employees. The company reverted to manual processes to make sure workers would get paid. A spokesperson was not immediately available for comment Monday. 

Other large customers of Blue Yonder remained unaffected. DHL, which also uses Blue Yonder technology, said it was not directly impacted by the attack. “We are aware of isolated infrastructure outages in Blue Yonder’s systems that are reportedly impacting some of their customers,” a DHL spokesperson said via email. 

Blue Yonder has not commented on any details of the attack, except to say there was no impact on its Azure public cloud environment.

Supply chain security has been a major concern for retailers, particularly this close to Thanksgiving and Black Friday, which kicks off the Christmas holiday shopping season. 

Sophos data shows 45% of retail organizations were hit by ransomware in 2024, largely because of exploited vulnerabilities. 

"Supply chain attacks pose a growing threat to organizations, applying significant pressure on the customers who rely on these vendors,” Peter Mackenzie, director, incident response at Sophos, said via email. “While the full impact of this particular attack remains unclear, affected customers often have limited options while awaiting remediation.