A major cyberattack has crippled operations at United Natural Foods Inc. (UNFI), one of North America’s largest food distributors, causing widespread disruptions to grocery supply chains and leaving empty shelves at key retailers, including Whole Foods.
The company disclosed in a recent filing with the U.S. Securities and Exchange Commission (SEC) that it detected unauthorized activity on its information technology systems on June 5. In response, UNFI was forced to shut down certain systems to contain the breach, a move that has affected the fulfillment of customer orders across its vast retail network of more than 30,000 stores in the United States and Canada.
While UNFI has deployed alternative distribution methods to minimize disruptions, many clients have already experienced significant consequences. Multiple Whole Foods locations have reported stock shortages in recent days, with shoppers encountering empty shelves and delayed product restocking, according to NBC News.
The company acknowledged that the incident has caused — and is expected to continue causing — temporary operational disruptions. In the SEC filing, UNFI confirmed that it is working with third-party cybersecurity experts to investigate and remediate the breach and has notified law enforcement agencies. However, the precise nature of the cyberattack has not yet been publicly disclosed.
The timing and characteristics of the breach have raised concerns among cybersecurity professionals, who suggest the incident may be linked to the recent wave of ransomware attacks targeting major retailers in both the United States and the United Kingdom. These attacks have focused on exploiting vulnerabilities in supply chain logistics and IT infrastructure.
UNFI’s CEO, Sandy Douglas, addressed the situation during a financial earnings call on June 10, stating the company is collaborating with the FBI and other authorities to determine the cause and scope of the breach. He emphasized that strengthening cybersecurity defenses is now a top priority.
“We just got penetrated,” Douglas said, as reported by USA Today. “We will be continuing to look at every aspect of our defense, every aspect of how our tools are working, and what may be necessary to bolster it going forward, because it’s an area that requires a tremendous amount of focus from companies today.”
The breach is the latest in a growing trend of cyberattacks targeting critical infrastructure and essential services. Analysts warn that food distribution networks, with their reliance on real-time logistics and digital systems, are increasingly vulnerable to such disruptions. Unlike traditional breaches targeting financial data, these attacks have the potential to directly impact consumers by interrupting essential supply chains.
As the investigation continues, consumers are advised to anticipate possible temporary shortages and delivery delays at affected grocery retailers. Meanwhile, industry leaders and policymakers may need to reconsider current cybersecurity frameworks to better protect food systems from digital threats.
The UNFI incident underscores the urgent need for enhanced cybersecurity measures across the retail and distribution industries, as the consequences of such breaches extend beyond business losses to directly affect households and communities nationwide.