KP Snacks Super 7 range

Source: KP Snacks

KP Snacks has warned there could be shortages of its crisps and nuts in the weeks ahead, following a ransomware attack.

The bagged snacks giant – which owns the likes of Hula Hoops, Nik Naks, KP Nuts, Tyrrell’s, McCoy’s, Butterkist, Discos and Skips – first discovered that it had fallen victim to the cyber attack on 28 January.

“As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation,” a spokeswoman for KP told The Grocer.

“Our internal IT teams continue to work with third-party experts to assess the situation.”

While the attack was “causing some disruption to our manufacturing and shipping processes”, KP Snacks was “already working on plans to keep our products stocked and on shelves”, said the spokeswoman.

“We have been continuing to keep our employees, customers and suppliers informed of any developments and apologise for any disruption this may have caused,” she added.

In a letter seen by Better Retailing, which broke the story, it warned customers that disruption could last ‘until the end of March at the earliest’.

Jonathan Wood, CEO and founder of supply chain risk management company C2 Cyber, said the ransomware attack appeared to have impacted KP Snacks’ corporate IT systems, rather than its operational technology.

As a result, the company was probably “still making crisps, but they don’t know who to send them to, or who’s ordered what or what to put on each pallet”, he said.

Wood added: “Somewhere in their supply chain – as in a vendor to them, or one of their own team – has clicked on an email with malware in it or has visited a site, and malware has travelled back down from visiting an insecure website.”

Keiron Holyome, BlackBerry VP for the UK, Ireland and the Middle East said: “Businesses should not have to suffer the effects of cyberattacks.

“It doesn’t matter whether it’s logistics, fuel or food – these supply chains present unique and complex challenges from a cybersecurity perspective.”

Prevention was the “best strategy”, said Holyome. “With a prevention-first and AI-driven approach, malware can be stopped in its tracks,” he added.

It comes after an IT system upgrade at owner PepsiCo last year made headlines by causing weeks of disrupted supply of Walkers products. At the height of the crisis, grocery sales of Walkers crisps were down 38% to £7.5m in the week ending 6 November 2021 versus £12m in the same period in 2020 [NielsenIQ].

Amid the disruption, KP Snacks saw “accelerated demand levels across our portfolio”, group sales director Andy Riddle told The Grocer.