Starbucks Corp. said a ransomware attack at a third-party software supplier has disrupted its system for tracking employee schedules, forcing the coffee giant to manually tally workers’ hours and pay.

Blue Yonder Group Inc., a Panasonic subsidiary that provides supply chain management software, said its systems were disrupted by a Nov. 21 “ransomware incident.” Starbucks is among its customers and uses Blue Yonder software to schedule shifts and track retail workers’ hours in North America, a company spokesperson said.

Starbucks’ stores are resorting to manual methods such as pen and paper for employee scheduling, the spokesperson said, adding that the incident hasn’t impacted store operations or hours. The Blue Yonder breach is affecting company-operated stores in the US and Canada.

In a message to workers seen by Bloomberg News, Starbucks said that Blue Yonder hasn’t provided a timeline for when the issue may be resolved. To ensure workers get paid on Nov. 29, they’ll get compensated for scheduled shifts for the week of Nov. 18. That might differ from actual hours worked, since staffers might have picked up extra shifts or taken vacation or sick time that wasn’t entered into the system.

“We are hopeful this outage will not extend to impact payroll processing for future weeks,” the company said in the update to workers. “However, we are continuing to look for ways to improve pay accuracy and processing should the outage continue.”

In another message, Starbucks shared a template to help managers build schedules for the week of Dec. 9. The company usually creates schedules three weeks in advance.

Ransomware Incident

In a statement Monday, Blue Yonder said it had notified relevant customers about the incident and “will continue to communicate as appropriate.”

“Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident,” said Marina Renneke, a company spokesperson. “Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols.”

The attack was previously reported by CNN, which said some UK grocery store chains had taken steps to deal with the incident.

A representative for the UK grocery chain Morrisons told Bloomberg News on Monday that the Blue Yonder breach had impacted warehouse management systems but added that the stores are now operating “satisfactorily” on back-up systems. Sainsbury’s confirmed the company used Blue Yonder but said it wasn’t experiencing disruptions because it had a back-up solution. An Asda spokesperson said the company used Blue Yonder but was unaffected.

Scottsdale, Arizona-based Blue Yonder’s customers include manufacturing, grocery, third-party logistics, automotive and restaurant companies, according to its website.