Sobeys, Safeway grappling with IT issues as Maple Leaf Foods announces cybersecurity incident

Some stores across Canada owned by Empire Company Ltd., including Sobeys, Safeway and affiliated pharmacy services, continue to experience disruptions due to an information technology systems issue.

Empire, which owns Sobeys, Lawtons, IGA, Safeway, Farm Boy, Foodland and FreshCo, among other brands, announced Monday an IT problem is preventing some of its pharmacies from filling prescriptions.

The issue has also caused some services to be delayed or to function only intermittently.

A news release from the company said it is working to remedy the problem, but could not estimate when all services will be restored.

"At Sobeys, exceeding the needs of our customers is always our top priority," said chief operating officer Pierre St-Laurent in the news release. "Our sole focus right now is on getting this problem rectified and we will provide further updates as relevant information becomes available."

The CBC contacted the company to ask questions about the IT issue, but an emailed response simply pointed to the news release.

Over the weekend, some pharmacy staff told the CBC they were not able to access their computers, but that they could supply customers with a few days' worth of medication if customers presented their empty bottles.

Maple Leaf announces 'cybersecurity incident'

Meanwhile, Maple Leaf Foods announced in a news release late Sunday night that a "cybersecurity incident" caused a system outage at the company.

The company said it became aware of the issue over the weekend and immediately began working with cybersecurity and recovery experts, information systems professionals and third-party specialists to investigate the outage.

Maple Leaf said it expects ongoing service and operational disruptions as it works to resolve the outage, and said it does not have an estimated time for restoration.

The company declined an interview. In an emailed statement, Maple Leaf said the disruptions "vary by business unit, plant and site."

'Something is just not right'

Sylvain Charlebois, the director of the Agri-Food Analytics Lab at Dalhousie University, said he began to receive messages from people on Friday night about issues at Empire, including copies of internal company letters.

He said the lack of public information coming from Empire makes him suspect the issue is more significant than a simple information technology problem. He said companies would likely be more forthcoming about that.

"But they're not right now, which begs the question, what is really going on here? … I mean, Maple Leaf was clear, it's a cybersecurity issue, so it can mean a whole lot of different things, but they were clear. Whereas Sobeys, it's unclear. So lots of question marks, but you can feel that something is just not right."

Charlebois said the situation reminds him of last year's ransomware attack on the world's largest meat processing company, JBS. The Brazil-based company paid $11 million US to hackers who broke into the computer system.

Ransomware attacks use malware installed on a computer to allow people to lock and hold data or information for ransom.

"JBS is a multibillion-dollar company, OK? It's one of the largest food companies in the world. If it had to pay a ransom, I can't imagine how much pressure some Canadian companies are under. They're much smaller and less resourceful," Charlebois said.

He said he doesn't see much evidence that cybersecurity has been taken seriously by the agri-food industry, and he's worried more attacks will occur in the sector in the future.

"The entire food system works on the basis that computers will communicate with each other," he said. "So as soon as you have a cyberattack disrupting the efficiency of supply chains, costs could go up. Even worse, access to food could also become a problem. You could actually see many stores without any supplies for days and you don't want that to happen."

The CBC asked Sobeys if its IT issue was a ransomware or cybersecurity issue. The company did not respond.