Overview of the United Natural Foods (UNFI) Cyberattack
United Natural Foods Inc. (UNFI), the primary distributor for Whole Foods and a major supplier to over 30,000 retailers across North America, experienced a significant cybersecurity incident beginning on June 5, 2025. The attack led to widespread disruptions in its operations, particularly affecting its ability to fulfill and distribute customer orders, including those to Whole Foods.
Timeline and Immediate Impact
• June 5, 2025: UNFI detected unauthorized activity on its IT systems and responded by taking certain systems offline to contain the incident.
• June 9-10, 2025: The company disclosed the breach in a regulatory filing and began remediation efforts, engaging third-party cybersecurity experts and notifying federal law enforcement.
• Ongoing: The outage has caused temporary disruptions to business operations, with Whole Foods warning staff that product availability and delivery schedules would be affected for several days.
Operational Disruptions
• UNFI’s ability to select and ship products from its warehouses has been impaired, leading to supply chain delays and inventory shortages at Whole Foods and other retailers.
• Whole Foods instructed employees to communicate only that there are “temporary supply challenges” to customers, as the situation is actively being managed.
• Despite these disruptions, UNFI CEO Sandy Douglas stated that the company is still able to ship to customers “on a limited basis,” with recovery efforts progressing unevenly across different technology platforms.
Nature of the Attack
• The specific details of the cyberattack have not been publicly disclosed. However, the pattern of taking systems offline and the scale of disruption are consistent with ransomware attacks, where criminals typically encrypt company data and demand payment for decryption keys.
• As of now, no ransomware group has claimed responsibility for the attack, and UNFI has not confirmed the exact nature of the intrusion.
Broader Implications
• The incident highlights the vulnerability of the food supply chain to cyber threats, as UNFI’s role as a central distributor means disruptions can quickly cascade to thousands of retail outlets, impacting grocery inventory and potentially increasing logistical costs.
• The attack comes amid a broader trend of cyber incidents targeting major retailers and supply chain operators in both the U.S. and abroad.
Company Response and Outlook
• UNFI has activated its incident response protocols, is working with cybersecurity experts, and is gradually restoring affected systems.
• The company is partnering with customers to implement short-term solutions and expects the situation to improve in the coming days, though full recovery is still a work in progress.
• Whole Foods and other affected retailers are focused on restocking shelves and minimizing inconvenience to customers.
