Inside the turmoil at Sobeys-owned stores after ransomware attack

Employees of Empire Co., the parent company of Sobeys, have begun to speak out about the turmoil unfolding inside the grocery chain since a ransomware attack began plaguing its computer systems earlier this month.

Workers from across the country say some stores have run short of items because orders cannot be placed as usual, while at others, food that had gone bad initially either piled up or was frozen because it couldn’t be removed from the inventory system.

Pharmacies were unable to fill new prescriptions for a week, customers cannot redeem loyalty points or use gift cards, and staff were concerned last week they wouldn’t get paid because the payroll system is down.

“It’s basically been a mess.… The word that can best describe it — just a mess,” said one employee who works in the front end at a Safeway in western Canada.

The CBC has agreed to protect the identities of employees it has spoken to, as they are worried they’ll be fired if the company knows they shared internal information.

Ransom messages on computers

Empire announced in a news release Nov. 7 that an “information technology systems issue” was disrupting some services, including filling prescriptions at pharmacies. The company did not respond to questions from the CBC last week, but said in a statement Nov. 11 its pharmacies were once again fully operational, though stores were still experiencing challenges.

The company owns 1,500 stores across Canada, including Sobeys, Lawtons, IGA, Safeway, Foodland, Needs and other grocery outlets.

Several cybersecurity experts have said they suspect the company’s systems were hacked, and a ransomware attack — when hackers lock computer systems until money is paid — could be to blame.

The employees who spoke with the CBC said ransomware was indeed the cause of the problem.

“Somebody higher up got an email and basically clicked a link they weren’t supposed to,” said the front-end Safeway employee. “I don’t know the exact dollar figure, but I know it was like millions, like several millions.”

The troubles began overnight Thursday, Nov. 3 into Friday, Nov. 4.

When employees arrived for work on Friday, their computers took longer than usual to boot up, and when they finally did, “nothing came up other than this big white block in the middle of the screen that said ransomware, please comply before proceeding, or something like that,” said a worker in a meat and seafood department at a Safeway store.

“I saw the word ransom and that scared me right away.”

Orders at the whim of warehouses

Employees were told not to log in, to unplug certain digital scales, and not to use the scanning equipment that allows them to track inventory.

Without the computer systems and handheld scanners, called Telxon guns, stores have not been able to place orders, so in some cases, they have run out of certain items.

After the first day or so of the outage, warehouses began to send products to stores based on what they had available and estimates of what they may need.

A display case at Sobeys sits empty on Nov. 14, more than a week after a ransomware attack affected computer systems at the chain. Employees say the IT issue has affected their ability to bring in some items. (CBC)

“It’s hit and miss what the warehouse is going to send us,” said one employee. “So we’re getting all kinds of weird stuff that we haven’t seen in decades.”

Some stores have not received any orders of a certain product, while others have, so employees from one store have driven over to pick up the needed items from another.

At some stores, staff have been writing out price signs by hand because the system they usually use is not available.

“When we finally get our system back, everything’s going to be so out of whack because nothing is being scanned,” said an employee.

Scheduling and payroll

The computer issues have also disrupted Empire’s ability to maintain its usual scheduling and payroll systems.

“I literally went into work and there was like a schedule written down on a piece of paper and I’m like, what is this?” said a worker.

Some employees are being asked to write down their hours in a logbook.

Employees in the chain are paid every other week, and some were told last week they would not get paid last Thursday, their scheduled payday.

However, workers later told the CBC the company found a workaround: since the first week of the two-week pay period occurred before the ransomware attack, employees would receive the same amount of pay for the second week, even if they did not work the same number of hours. Each employee also received an extra $100 on Thursday to compensate for any extra hours they may have worked the second week.

Once the payroll system is functioning again, any worker who was overpaid will be expected to return overpayments.

Impacts on customers

Many customers are likely unaware of the difficulties employees are dealing with. But some impacts have been clear.

On the first day of the outage, some self-checkout machines weren’t working.

“The lineups at the tills, because people aren’t used to that and we pump a lot of people through these self checkouts — so, a lot of pissed-off customers over that,” said a Safeway worker.

Employees say some signs at Empire-owned stores are handwritten because they are unable to use some computer systems due to a ransomware attack. (CBC)

Customers have been unable to use gift cards or redeem Scene loyalty points, and stores have been unable to process Western Union transfers — causing frustration for some, one employee said. 

The company has not officially told employees the cause of the outage. They have been instructed to simply tell customers it’s an IT issue.

“You kind of feel bad having to like just you know, water it down, what’s really going on, to customers,” said an employee. “You feel like you’re deceiving everybody because there’s more going on behind the doors than what they’re trying to make it out to be.”

Food security concern

Sylvain Charlebois, the director of Dalhousie University’s Agri-Food Analytics Lab, said he has noticed a lot of empty shelves at Sobeys-owned stores since the computer issue began.

But so far, Canadians do not seem to be particularly concerned about the issue, he said. 

“If it gets worse, maybe at some point people will realize how significant a ransomware hitting the food industry can be,” he said. “This is the No. 2 grocer in the country dealing with cyber terrorism. That’s a big deal.”

Sylvain Charlebois is the director of the Agri-Food Analytics Lab at Dalhousie University in Halifax. (Submitted by Sylvain Charlebois)

He said the hack is worrisome from a privacy perspective, because the company holds personal data through credit and debit cards, loyalty programs and pharmacy prescriptions.

But the disruption is also significant from a food-security perspective. The food retail industry is a high-volume, low-margin sector, so a significant hit from a ransomware attack could bring an entire company down, Charlebois said.

That would mean part of the food distribution system could be disabled, and food prices would likely increase, at least temporarily.

“I have faith in the food industry. They would recalibrate and restart and things like that. But it would take a while,” Charlebois said.

“Cybersecurity is a huge vulnerability for our supply chains for sure, especially when it comes to food. You’re always a ransomware away from seeing food access becoming an issue in Canada.”

Comments (0)
Add Comment