Blue Yonder Investigates Data Theft by Termite Ransomware – Ankor Tech
Supply chain software giant Blue Yonder is currently investigating a major data breach after the “Termite” ransomware gang claimed responsibility for a cyberattack that hit the company on November 21. The group alleges it has successfully exfiltrated 680 gigabytes of sensitive corporate data.

The Scope of the Breach

Blue Yonder, an Arizona-based firm providing critical supply chain management software to global giants like DHL, Starbucks, and Walgreens, confirmed the incident was a ransomware attack shortly after it occurred. The situation escalated on Friday when the Termite gang posted on its dark web leak site, claiming to possess a massive cache of documents, reports, insurance files, and email lists.

The attackers have explicitly stated their intention to use this stolen information for future malicious operations. While Blue Yonder has not publicly disputed the hackers’ claims, the company remains tight-lipped regarding the specific nature and volume of the compromised data.

Who is the Termite Ransomware Gang?

Security researchers have identified significant technical overlaps between the Termite group and the notorious, Russia-linked Babuk ransomware syndicate. According to the U.S. Department of Justice, the original Babuk group was responsible for over 65 attacks and extorted more than $13 million in payments.

Threat intelligence experts at Cyble and Broadcom have observed Termite utilizing modified versions of the Babuk source code, suggesting a tactical rebranding of the previous criminal operation.

Operational Impact and Regulatory Status

Blue Yonder spokesperson Marina Renneke stated that the company is working closely with external cybersecurity experts to manage the fallout. “We are aware that an unauthorized third party claims to have taken certain information from our systems,” Renneke confirmed. “The investigation remains ongoing.”

The impact on Blue Yonder’s 3,000-plus customer base is significant:

  • Starbucks: Forced to resort to manual employee payroll calculations.
  • Morrisons and Sainsbury’s: U.K. supermarket chains confirmed they were affected by the disruption.

Despite these widespread operational issues, the U.K.’s Information Commissioner’s Office (ICO) noted that it has not yet received a formal data breach report from the company. In its latest cybersecurity incident update, Blue Yonder emphasized that it has been notifying impacted customers and assisting in the restoration of services.

It remains unclear if the hackers have issued a specific ransom demand, as Blue Yonder has declined to provide details on potential negotiations.