United Natural Foods, Inc. (UNFI), one of North America’s largest grocery wholesale distributors, experienced a significant cyberattack last week that disrupted its business operations and impacted order fulfillment across the U.S. and Canada.
The Rhode Island-based company, which delivers fresh and frozen products to more than 30,000 retail and food service locations—including major clients like Whole Foods—confirmed the incident in both an SEC 8-K filing and a formal press release. The attack, discovered on Thursday, June 5th, led the company to shut down certain systems as a containment measure.
“The Company promptly activated its incident response plan and implemented containment measures, including proactively taking certain systems offline, which has temporarily impacted the Company’s ability to fulfill and distribute customer orders,” UNFI stated.
UNFI’s distribution network spans 53 centers and supports over 11,000 suppliers. With a workforce exceeding 28,000 employees and $31 billion in annual revenue as of August 2024, the scale of disruption poses serious implications not only for the company but also for the broader supply chain.
UNFI Responds To Cyberattack With Containment and Continuity Measures
The company confirmed that some systems remain offline, impacting its operational capabilities. While specific details of the cyberattack remain undisclosed—including the method used and whether any data was stolen—UNFI has taken immediate steps to minimize damage and restore services.
“The incident has caused, and is expected to continue to cause, temporary disruptions to the Company’s business operations,” the company added.
The company is actively working with third-party cybersecurity professionals and has notified relevant law enforcement authorities. Business continuity protocols have been activated, and temporary workarounds are in place to support customers while affected systems are being recovered.
“We are assessing the unauthorized activity and working to restore our systems to safely bring them back online,” said UNFI spokesperson Inès de Miranda. “As we work through this issue, our customers, suppliers, and associates are our highest priority.”
Broader Industry Impact and Pattern of Targeted Attacks
Social media reports indicate employees have experienced shift cancellations and disruptions since the attack began. UNFI has not confirmed any involvement by ransomware operators, and no group has publicly claimed responsibility for the breach.
This incident adds to a growing list of cyberattacks targeting the food distribution and retail sector:
- In March, Sam’s Club—owned by Walmart—began investigating claims of a Clop ransomware breach.
- In 2021, JBS Foods, the largest beef producer globally, paid $11 million in ransom to REvil threat actors.
- More recently, U.K. retailers such as Harrods, Co-op, and Marks & Spencer were hit by ransomware attacks linked to Scattered Spider and DragonForce, with a shift now seen toward U.S. targets.
UNFI plans to release its fiscal Q3 financial results this Tuesday, May 20, as originally scheduled. The impact of the breach on financial performance and operations is likely to become clearer in the weeks ahead.
As of now, the investigation continues, and recovery efforts are ongoing. UNFI’s ability to contain the threat, restore critical systems, and maintain transparency will be closely watched by the industry and stakeholders alike.
