Blue Yonder Investigates Data Theft Claims After Ransomware Attack

Sophia Steele

December 09, 2024

Blue Yonder, a leading supply chain management software provider, is investigating claims of data theft after a ransomware gang threatened to publish troves of stolen data. The Arizona-based company, which serves thousands of organizations including DHL, Starbucks, and Walgreens, was hit by a cyberattack on November 21.

The ransomware gang, known as "Termite," claimed responsibility for the attack on its dark web leak site, stating that it had stolen 680 gigabytes of data from Blue Yonder. The stolen data allegedly includes documents, reports, insurance documents, and email lists, which Termite claims it intends to use "for future attacks."

In a statement, Blue Yonder spokesperson Marina Renneke confirmed that the company is "aware of who has claimed responsibility" for the attack and is working with external cybersecurity experts to address the claims. The investigation remains ongoing, and it is unclear whether Termite has demanded a ransom payment from Blue Yonder.

Security experts believe that Termite is a rebranding of the notorious Russia-linked Babuk ransomware group, which carried out over 65 attacks and received $13 million in ransom payments, according to the U.S. Department of Justice. Threat intelligence company Cyble noted similarities between the Termite and Babuk ransomware strains, and security researchers at Broadcom observed the group using a modified version of Babuk ransomware.

On its dark web leak site, Termite is threatening to publish the allegedly stolen data "soon." While Blue Yonder declined to disclose how much and what types of data were stolen, it did not dispute the claims made by Termite. The company has notified customers who were impacted by operational disruptions and has been working with them throughout the restoration process.

It is still unclear how many of Blue Yonder's 3,000-plus customers were impacted by the incident. However, U.K. supermarket chains Morrisons and Sainsbury's previously confirmed that they had been affected, and U.S. coffee giant Starbucks said the ransomware attack had forced managers to manually calculate employees' pay.

The incident highlights the growing threat of ransomware attacks on supply chain management companies, which can have far-reaching consequences for their customers and partners. As the investigation continues, Blue Yonder's customers and the broader technology industry will be watching closely to see how the company responds to this incident and what measures it takes to prevent future attacks.

In the meantime, security experts are urging companies to take proactive measures to protect themselves against ransomware attacks, including implementing robust backup systems, conducting regular security audits, and educating employees on how to identify and respond to phishing attempts.

Copyright © 2024 Starfolk. All rights reserved.