14 November 2022

Canadian retail chain Sobeys hit by ransomware

Canadian food retail giant Sobeys has suffered a ransomware attack that crippled IT systems across its grocery stores and pharmacies, affecting self-checkout stations, payroll management, gift card activation systems, and most backend services.

The company said in a press release that, despite the IT issue, its grocery stores were still open.

“The Company's grocery stores remain open to serve customers and are not experiencing significant disruptions at this time. However, some in-store services are functioning intermittently or with a delay,” the retailer said.

“In addition, certain of the Company's pharmacies are experiencing technical difficulties in fulfilling prescriptions. The Company however remains committed to the continuity of care of all its pharmacy patients.”

While the company didn’t provide additional details regarding the nature of the incident, local media reported that two provincial privacy watchdogs received data breach reports from Sobeys described as a “confidentiality incident.”

As Quebec’s access to information commission explained, such notices are only sent following incidents where personal information has been accessed in a breach.

According to a report from the tech news site BleepingComputer, Sobeys appears to have been hit with a Black Basta ransomware attack, which took place late Friday/early Saturday morning. Earlier this month, cybersecurity researchers linked the Black Basta ransomware operation to the financially motivated hacking group FIN7 (Carbanak). The analysis of tools used by Black Basta showed that a developer for FIN7 was also the creator of the EDR (Endpoint Detection and Response) evasion tools used exclusively by Black Basta since June 2022.

