Skip to main content
Cybersecurity StrategiesThreat Detection and Response

Recent Ransomware Attack on Sobeys

By November 29, 2022March 30th, 2024No Comments

The staff of Empire Co., the parent company of Sobeys, have started to speak out about the aftermath unfolding inside the grocery chain since a ransomware attack began plaguing its computer systems earlier this month.

Employees from across the country say some stores have run short of items because orders cannot be placed, while at others, food that had gone bad initially either piled up or was frozen because it couldn’t be removed from the inventory system.

Prescriptions were unable to be filled at their pharmacies for a week and customers couldn’t redeem loyalty points or use gift cards.  A concern was brought up by staff that they wouldn’t get paid because the payroll system was down!

Sounds like a nightmare right?  These are just some of the tragic results a ransomware attack can have on a business.

“It’s basically been a mess.… The word that can best describe it — just a mess,” said one employee who works in the front end at a Safeway in western Canada.

So how did this all happen? Empire announced in a news release Nov. 7 that an “information technology systems issue” was interfering with some services, including filling prescriptions at pharmacies.

The company owns 1,500 stores across Canada, including Sobeys, Lawtons, IGA, Safeway, Foodland, Needs and other grocery locations.

Recent Ransomware Attack on Sobeys

Quite a few cybersecurity companies have said that they believe the company’s systems were hacked, and a ransomware attack — when hackers lock computer systems until the money is paid — could be to blame.

“Somebody higher up got an email and basically clicked a link they weren’t supposed to,” said the front-end Safeway employee. “I don’t know the exact dollar figure, but I know it was like millions, like several millions.”

The troubles started overnight on Thursday, Nov 3rd and by Friday morning when employees arrived for work, their computers took longer than usual to boot up, and when they finally did, “nothing came up other than this big white block in the middle of the screen that said ransomware, please comply before proceeding or something like that,” said a worker in a meat and seafood department at a Safeway store.

Orders by managers followed asking employees not to log in, to unplug certain digital scales, and not to use the scanning equipment that allows them to track inventory.

Without computer systems and handheld scanners stores have not been able to place orders, so in some cases, they have run out of certain items.

After the first day or so of the outage, warehouses began to send products to stores based on what they had available and estimates of what they may need.

Some stores have not received any orders of a certain product, while others have.  This has caused employees from one store to drive over to pick up the needed items from another.

“When we finally get our system back, everything’s going to be so out of whack because nothing is being scanned,” said an employee.

As mentioned earlier the payroll system has also been affected. 

“I literally went into work and there was like a schedule written down on a piece of paper and I’m like, what is this?” said an employee.

Some employees are being asked to write down their hours in a logbook.

Since the first week of the two-week pay period occurred before the ransomware attack, employees would be given the same amount of pay for the second week, even if they did not work the same number of hours. Once the payroll system is functioning again, any worker who was overpaid will be expected to return overpayments.

Not only has this been a headache to employees and managers the customers were affected as well.

On the first day of the outage, self-checkout machines weren’t working.

“The lineups at the tills, because people aren’t used to that and we pump a lot of people through these self checkouts — so, a lot of upset customers over that,” said a Safeway worker.

Customers have been unable to use gift cards or redeem Scene loyalty points, and stores could not process Western Union transfers — causing frustration for some, one employee said. 

Sylvain Charlebois, the director of Dalhousie University’s Agri-Food Analytics Lab, said he has noticed a lot of empty shelves at Sobeys-owned stores since the attack but Canadians do not seem to be concerned.

“If it gets worse, maybe at some point people will realize how significant a ransomware hitting the food industry can be,” he said. “This is the No. 2 grocer in the country dealing with cyber terrorism. That’s a big deal.”

The attack is very worrisome from a privacy perspective because the company holds personal data through credit and debit cards, loyalty programs and pharmacy prescriptions.

The food retail industry is a high-volume, low-margin sector, so a significant hit from a cyber attack could bring an entire company down, Charlebois said.

“Cybersecurity is a huge vulnerability for our supply chains for sure, especially when it comes to food. You’re always a ransomware away from seeing food access becoming an issue in Canada.”