USA 
United Kingdom
Starbucks has been forced to schedule shifts and calculate staff pay manually following a ransomware attack on one of its third-party software vendors.
While the coffee chain has not publicly said which of its software providers suffered the attack, initial reports by the Wall Street Journal stated that Blue Yonder, an enterprise cloud services provider based in Arizona, was the vendor in question.
The ransomware attack on Blue Yonder and subsequent outage was first announced on November 21 and has reportedly affected many of its customers, including Starbucks’ 11,000 stores in North America.
Starbucks has reassured staff that they will be fully paid for all hours worked.
How has the ransomware attack affected Starbucks store management?
Following the outage, baristas are reportedly unable to view and manage their schedules on the usual platform.
Store managers and leaders are also unable to see the usual view of the full work schedules of their store, leaving them unable to track hours being worked automatically.
Accordingly, staff and managers are manually scheduling and tracking hours worked.
Speaking to the Wall Street Journal, Starbucks said employees would still be fully compensated and that customer service would not be disrupted.
“Keeping our partners (associates) whole despite the outage continues to be our priority and we’re ensuring they will receive pay for all hours worked," the statement said.
Jaci Anderson, a spokesperson for Starbucks, told Axios the business is working quicky to bring back-end services back online and to ensure employees are paid on time and in full.
Starbucks will initially pay its workers for pre-scheduled shifts. Once its workforce management platform is back up and running, it will then make any necessary adjustments or corrections to ensure employees are paid correctly.
Starbucks vendor ‘working around the clock’ to resolve software issue
In its most recent statement shared Monday, Blue Yonder said it was “working around the clock to respond to this incident and continues to make progress.”
At the time of writing, the cloud services business hasn’t yet given a specific timeline on how long it expects its services to be down.
Among other businesses affected by the outage are Ford and two of the biggest UK supermarket chains, Sainsbury's and Morrisons.
Turning workforce data into early warnings for high-cost employees
Many employers only learn about high-cost claims after the fact, relying on annual health plan reports that provide little opportunity for prevention. Yet when absenteeism, disability, and workers’ compensation are included, the top 5 percent of cases drive nearly 60 percent of total costs. Looking only at medical and pharmaceutical claims limits an employer’s ability to understand where risk is forming and how costs escalate over time.
By integrating medical, pharmaceutical, disability, absence, compensation, and broader human capital data, employers gain a more complete and predictive view of workforce risk. Workpartners’ Human Capital Risk Index (HUI) leverages this integrated data warehouse to flag emerging high- and moderate-risk cases early, enabling timely, HIPAA-compliant outreach and clinical prevention.
Through a holistic, person-centric care model, individuals receive high-touch support across health, work, and family dimensions—helping shorten or prevent periods of high risk and high cost. The result is earlier intervention, improved outcomes, and measurable reductions in utilization, lost time, and total cost.
What You’ll Learn
Why high-cost claims are often identified too late
How integrated data improves risk prediction
How our HUI flags emerging risk early
Why holistic, person-centric care matters
How early intervention reduces total cost
However, as each company will use Blue Yonder’s cloud software to support different platforms, the impact on those businesses is different to Starbucks.
The supermarkets, for example, saw their food and produce stock management systems disrupted.
Meanwhile, the automaker has released a statement but has not specified how it has impacted. “Ford is aware and is actively investigating if a cyber incident at a third-party supplier has any impact on our operations or systems,” Ford spokesperson Ian Thibodeau told CNN.
Ransomware attacks a major concern for employers in 2024
CNBC, citing a report from the Office of the Director of National Intelligence, said that 2024 is on track to be one of the worst years on record for ransomware attacks.
According to a study from CyberInt, the US reported over 250 ransomware incidents in the first three quarters of 2024, up 24% compared to the same period in 2023.
Cybersecurity experts have previously indicated that the risk of ransomware attacks rises during the holiday season, including Thanksgiving and the Black Friday weekend.
Ransomware attacks, as well as directly disrupting business operations and workforce management, can also cause employees stress and negatively impact their wellbeing.
Employers are encouraged to proactively take steps to mitigate the risk of cybersecurity attacks, including training for workers to improve their awareness of potential threats such as phishing.
