United Natural Foods, Inc., a major publicly traded food wholesaler that serves as Whole Foods’ primary distributor, took some of its systems offline after a massive cyberattack. The incident has left grocery shelves empty across multiple chains and highlighted the vulnerability of modern food distribution networks.
Timeline of the Attack
UNFI discovered the cyberattack on Thursday, June 5th, when unauthorized activity was detected in their IT systems. The company was forced to disconnect their systems, immediately affecting customer orders. By Friday afternoon, UNFI had shut down its entire network to contain the breach.
The scale of the disruption became clear quickly. UNFI distributes groceries and non-food products to about 30,000 locations nationwide. One of UNFI’s forklift operators said they were sent home on June 6 due to the hack, with managers unable to contact staff because the communication systems were down.
Impact on Retailers and Consumers
The effects were immediate and widespread. TechCrunch received multiple reports of empty shelves at Whole Foods stores and other grocery retailers reliant on UNFI. Social media posts showed sparse produce sections and “temporary out of stock” notices throughout affected stores.
Smaller businesses were hit particularly hard. Jennie Scheinbach, founder of Pattycake Bakery in Columbus, Ohio, told CNN she was running out of vegan butter normally supplied by UNFI. “I’m sure they’re working closely with Whole Foods/Amazon, but what about us little guys, whose literal bread and butter is being severely compromised?” she said.
The disruption extended beyond Whole Foods to other major chains. UNFI also distributes food for Cub Foods, Kowalski’s, and Lunds & Byerlys, leaving multiple retailers dealing with supply shortages and, in some cases, closed pharmacy operations.
Financial and Market Response
The cyberattack disclosure sent UNFI’s stock tumbling. Shares fell 7% when the company announced the incident on Monday, then dropped another 10% on Tuesday, leaving the stock down about 17% since the disclosure.
Notably, UNFI shares had begun falling before the official announcement. Stock prices dropped 9% on June 3 and 4% on June 4, despite no company news at the time. One analyst observed that “it very much appears someone knew this was going to happen.”
CEO Sandy Douglas addressed the crisis during the company’s earnings call, which should have focused on UNFI’s strong third quarter results of $8.1 billion in net sales.
Recovery Efforts
UNFI is working to restore operations but progress has been gradual. The company initially hoped to return to full operational capacity by June 15, but recovery has been slower than expected. As of this week, UNFI is gradually bringing ordering and receiving capabilities back online while serving customers on a “limited basis.”
The company has engaged external cybersecurity experts and is working with law enforcement to investigate the incident. However, UNFI has not disclosed the nature of the attack or whether data was compromised.
Supply Chain Vulnerability Exposed
The UNFI incident demonstrates how cyberattacks on key suppliers can cascade through entire industries. UNFI serves as the primary distributor to Whole Foods under a contract extending through May 2032, and also operates supermarkets under banners including Cub Foods and Shoppers.
When a single distributor serving 30,000 locations goes offline, the effects ripple through the entire supply chain. The attack shut down not just IT systems but physical operations; forklifts stopped moving, pharmacy systems went dark, and delivery trucks sat idle.
Lessons for Supply Chain Security
UNFI’s response included immediate system shutdown to contain the breach, a decision that likely prevented further damage despite causing significant operational disruption. The company’s communication strategy, however, left smaller customers feeling abandoned, with some turning to social media to understand what was happening to their supply chain.
The incident serves as a reminder for businesses to evaluate their supply chain dependencies and develop contingency plans. Organizations relying on single suppliers for critical operations need backup arrangements and crisis communication plans.
Industry Pattern
This attack follows similar incidents affecting the retail and grocery sector. Last fall, Dutch grocery company Ahold Delhaize suffered a cyberattack that disrupted e-commerce operations at its U.S. chains for several days. The pattern suggests cybercriminals are increasingly targeting supply chain companies for maximum impact.
As supply chains become more concentrated and digitized, single points of failure present attractive targets for attackers. The UNFI incident shows how quickly a cyberattack can move from corporate IT systems to empty grocery shelves, affecting millions of consumers nationwide.
UNFI continues working to restore full operations while affected retailers work to restock their shelves. The incident provides a clear example of how cybersecurity has become a critical business continuity issue that extends far beyond IT departments.
