FOOD Ongoing cyberattack at US grocery distributor giant UNFI affecting customer orders

SmithJ

SmithJ

Veteran Member
U.S. grocery distribution giant United Natural Foods (UNFI) said on Tuesday it is working to restore its capabilities following a cyberattack last week that continues to disrupt the grocery supply chain.

UNFI said as part of its third-quarter earnings report that it was “diligently managing through the cyber incident” it confirmed on Monday. The company is “helping our customers with short-term solutions wherever possible,” said UNFI chief executive Sandy Douglas in prepared remarks.


On the company’s post-results conference call, Douglas said UNFI is “continuing to safely bring our systems back online and restore broad-based customer service as soon as possible.”

The company, which is the primary distributor for Amazon-owned Whole Foods, and supplies over 250,000 grocery store products, including frozen goods, disclosed on Monday that it had identified unauthorized access to its IT systems. Douglas said on its call Tuesday that the company has since shut down its entire network.

The company has not described the nature of the cyberattack, but it said the intrusion was causing ongoing disruptions to its operations, including its ability to fulfill and distribute customer orders.

Douglas told investors on the call that the company was shipping to customers “on a limited basis.”

One customer of UNFI told TechCrunch that they are trialing a new product in Whole Foods stores this week, but said much of their supply had not been delivered. The customer said they have heard nothing from either UNFI or Whole Foods about the disruption.

TechCrunch has heard anecdotal reports of diminished or empty shelves at some stores affected by the disruption at UNFI, but it is not immediately clear if this is due to the cyberattack or other supply chain issues. Much of the downstream real-world impact on grocery stores and their customers may not be seen until later this week.

Whole Foods has not returned a request for comment from TechCrunch. Reuters cited a Whole Foods spokesperson as saying that the retail giant was “working to restock our shelves as quickly as possible” and referred additional questions back to UNFI.

It’s not clear how much UNFI has spent on cybersecurity, nor who is ultimately responsible for cybersecurity at the company.


A spokesperson for UNFI did not respond to a request for comment when contacted by TechCrunch on Tuesday.

Much of the UNFI’s external-facing systems are offline, including web systems used by suppliers and customers, as well as the company’s VPN products, according to checks by TechCrunch.

UNFI reported $8.1 billion in net sales in the quarter ended May 3, 2025. The company said it was expecting to report a loss on net income and earnings per share for its 2025 outlook following the ending of a contract with a grocery store chain’s operations in the U.S. northeast, but that it is not adjusting its outlook at this time due to the “ongoing assessment” of the cyberattack.
 
Cardinal

Cardinal

Chickministrator
_______________
www.dailymail.co.uk

Food shortage fears at one of America's biggest grocery chains

One of America's largest grocery stores has issued a warning to customers following a cyberattack on its main supplier.
www.dailymail.co.uk www.dailymail.co.uk

Whole Foods has issued a warning to customers following a cyberattack on its main supplier.

The supplier, United Natural Foods (UNFI), was forced to shut down certain systems after detecting unauthorized activity on its internal networks in recent days.

As a result, Whole Foods has alerted employees about the potential for food shortages at its more than 500 locations across the US, according to an internal memo obtained by TechCrunch.

The Amazon-owned grocery store added that the cyberattack has impacted UNFI's 'ability to select and ship products from their warehouses,' and that this will 'impact our normal delivery schedules and product availability.'

Whole Foods spokesperson Nathan Cimbala said: 'We are working to restock our shelves as quickly as possible and apologize for any inconvenience this may have caused for customers.'

Shoppers have shared images of their trips to the store, showing that many of the shelves are empty.

Ed Clearly, a Florida native spending the summer in Pennsylvania, posted on X: 'Small sample size of how empty these store shelves were today. Truly remarkable.'

' haven't seen a store like this since a hurricane was barreling towards Florida.'

UNFI said Wednesday that it is slowly restoring its systems, adding that it should increase 'capacity over the coming days.'

The supplier is the largest publicly traded wholesale distributor of 'healthier food options' in the US and Canada, according to its website.

It operates 53 distribution centers and delivers goods to over 30,000 stores.

In May 2024 the company announced an eight-year extension to serve as primary distributor for Amazon-owned Whole Foods.

The memo also provided staff a talking point when dealing with questions from customers, prompting them to only says that UNFI has been experiencing a 'nationwide technology system outage,' according to TechCrunch.

Julie Chang, a California local, was met with empty shelves during her visit to a Whole Foods in San Diego.

'At Whole Foods just now. Lotsa shelves empty I asked what's going on. One of the largest food distributors in the US got cyberattacked,' she posted on X.

'That's troubling the food supply can be disrupted this way.'

The same scene has also been reported in Illinois, Colorado and Florida.

One Whole Food shopper shared that their location 'hasn't had water, eggs, real or milk substitutes for days.'


The grocery store has been forced to display signs where shelves and cases are barren, which read: 'We are experiencing a temporary out of stock issue on some products.'

The company said the incident temporarily hurt its 'ability to fulfill and distribute customer orders.'

'We apologize for the inconvenience and should have your favorite product back in stock soon.'

A Whole Foods spokesperson told Reuters in an email on Monday that the company was 'working to restock our shelves as quickly as possible' and referred additional questions back to United Natural.

UNFI, based in Rhode Island, said in a June 9 filing with the Securities and Exchange Commission that it “proactively” took some systems offline after becoming aware June 5 of unauthorized activity on certain networks.

The company said the incident temporarily hurt its "ability to fulfill and distribute customer orders.” It added that the incident "is expected to continue to cause temporary disruptions" to its operations.
 
MrsClaus

MrsClaus

Keeper of all things
A small local grocery store posted on Facebook about this yesterday. They said the were trying to source from alternate vendors until things are back to normal.
 
Repairman-Jack

Repairman-Jack

Veteran Member
Wyominglarry said:
Which country is responsible for this cyber attack? China, Russia, North Korea, Iran, we want to know.
Click to expand...
That hasn't been disclosed yet, they also haven't really said what the "issue" was other than unauthorized access. I'd guess either ransomware or data exfiltration/blackmail.

There are some many operating now, I'd guess maybe cl0p, Scattered Spider, Dragonforce <shrug>
 
rob0126

rob0126

left the forum
Displaced hillbilly said:
Daughter works at Whole Foods. They are been heavily impacted. Their last delivery was Friday and no real ETA for their next delivery. Her store is a high volume store .
Click to expand...
I wonder why this wasn't known last week?
SmithJ said:
People seem to think this only affects Whole Foods.

UNFI supplies 30000 stores. Only 525 are Whole Foods
Click to expand...
Yep. Our coop receives from UNFI, especially the bulk grains.

spinner said:
Our local food co-op has a lot of food from UNFI, especially dry beans and grains. I haven't been in lately to see if they have been effected. It isn't all Whole Foods and the "elite."
Click to expand...
So does ours. We do use WF too, but mainly the coop.
 
Repairman-Jack

Repairman-Jack

Veteran Member
Still offline, they haven't named a threat actor/group or what the nature of the hack is, I'm still 'guessing' ransomware/ransomware with a wiper.


As grocery shortages persist, UNFI says it's recovering from cyberattack | TechCrunch


Food distribution giant United Natural Foods (UNFI) said it is making “significant progress” in recovering from a cyberattack that occurred almost two weeks ago, as grocery stores across North America reliant on the distributor continue to report food shortages.

UNFI said in an update on Sunday that it was restoring its electronic ordering systems, which its customers use to place orders for their grocery stores and supermarkets.

The company, which provides more than 30,000 stores across the United States and Canada with fresh produce and other products, was hit by a cyberattack on June 5, which the company disclosed several days later.

UNFI has not yet described the nature of the cyberattack, though it told investors last week that it had shut down its entire network to contain the incident. The ongoing outage is preventing the company from fulfilling and distributing customer orders at scale.

One of the largest grocers affected is Whole Foods, which relies on UNFI as its “primary distributor.” Several Whole Foods stores, including one visited by TechCrunch last week and others in the New York area, are experiencing shelf shortages amid the UNFI outages. One employee at a Whole Foods in California told TechCrunch about the supply issues at their store, saying they had not seen some products for days.

Whole Foods previously told TechCrunch that it was working to restore its shelves “as quickly as possible,” but did not say when shipments would return to normal.

People working at local grocery stores and big-chain supermarkets alike have told TechCrunch that they continue to experience disruption of varying degrees. Some said that other distributors are providing some supplies, while others are still reporting issues with ordering products from UNFI.

The outages are also affecting grocery stores run by the U.S. Defense Department for active duty personnel and retired veterans. One employee at a grocery store run by the Defense Commissary Agency said they were seeing empty shelves and delayed shipments.

Kevin Robinson, a spokesperson for the Defense Commissary Agency, confirmed the UNFI cyberattack was affecting dozens of its stores.

“This incident has affected deliveries across multiple grocery chains, including 53 Defense Commissary Agency (DeCA) stores,” said Robinson. “The DeCA supply chain team has worked closely with UNFI to implement manual workarounds that have effectively minimized in-store disruptions.”

UNFI has not yet provided a timeline for recovery.

Do you know more about the cyberattack at UNFI? Are you a corporate customer affected by the disruption? You can securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal.

This story was first published on June 16, and updated June 17 with details from the U.S. Defense Department.
 
Repairman-Jack

Repairman-Jack

Veteran Member
Bubble Head said:
In today’s environment why would anyone want to disrupt a major food supplier? Just don’t make sense. Just all a bunch of coincidences. I am sure they will find those 2 million missing illegals before Saturday. Sleep well.
Click to expand...
Money. Depending on who is behind it, they do it for profit/money.

As an example, DPRK pulls in millions upon millions with ransomware and crypto currency heists, same with Russia and other groups.

This goes on daily...as an example there are 7 recent attacks (successful to one degree or another) on Israeli tied companies in the past 4 days, and these are just the ones that someone leaked info such as a demand screenshot/data or was reported.
 
You must log in or register to reply here.
Top