Tesco and Sainsbury’s supplier hit in latest cyber attack
A key logistics supplier to several of the UK’s major supermarkets, including Tesco and Sainsbury’s, has confirmed it is being held to ransom by hackers following a cyber attack that disrupted operations this week, following a string of assaults on UK retail in the last month.
Peter Green Chilled, which also supplies Aldi, said it was the victim of a ransomware attack on Wednesday evening and has since informed clients and partners of workarounds to maintain deliveries.
The Somerset-based cold storage and transport firm is not among the UK’s top 30 food distributors, but plays a crucial role in the chilled food supply chain.
While the firm said its transport operations were continuing as normal, it confirmed no new orders were processed on Thursday and only shipments prepared prior to the attack were sent out.
Wilfred Emmanuel-Jones, founder of The Black Farmer and one of Peter Green Chilled’s customers, said thousands of packs of meat products are now sitting idle.
“Ten pallets worth of meat products” were sitting there “and the clock is ticking”, he told the BBC. “There’s no information. Everything along the chain has to be stopped, and then there are thousands of pounds worth of products that are just wasting away”.
Managing director Tom Binks also told the BBC that the company is keeping clients informed but could not comment further while the situation is ongoing.
The attack is the latest in a string of high-profile cyber incidents targeting UK food supply chains.
Marks and Spencer and Co-op were both recently affected by ransomware groups, with M&S admitting that customer data had been stolen and operations disrupted.
The Co-op narrowly avoided being locked out of their systems entirely.
Ransomware attacks involve cyber criminals encrypting a company’s systems and demanding payment in exchange for restoring access.
The food distribution sector is particularly vulnerable, given its time-sensitive operations and dependency on logistics infrastructure.
Previous cyber attacks on UK supermarket chains
This is not the first cyber attack for these supermarket chains.
On 1st October 2018, after a long-running investigation, the FCA fined Tesco Bank £16.4m for weak cybersecurity controls that enabled an “avoidable” cyber-attack affecting 8,261 out of 131,000 customers with personal current accounts in November 2016.
Tesco was also previously hacked in 2014, when it was forced to suspend online customer accounts after the details of more than 2,000, including passwords, were posted online.
The chain had also suffered an attempted hack in 2021, which left systems down for a weekend although no data was lost
Meanwhile, Sainsbury’s was affected by a cyber-attack on payroll system provider Kronos in 2021.
Blue Yonder, a firm providing end-to-end supply chain management software, was the victim of a ransomware attack on 21st November 2024.
The attack caused operational disruption to several of Blue Yonder’s global clients, including coffee chain Starbucks and UK supermarkets Sainsbury’s and Morrisons.