UNFI hit by cyberattack disrupting US food supply

Whole Foods and US Military Distributor UNFI Suffers Disruption

United Natural Foods, Inc. (UNFI), a major grocery distributor in the US that supplies Whole Foods and military commissaries, has been hit by a cyberattack that significantly disrupted its operations. The company identified unauthorized activity in its systems and took immediate action to mitigate the threat. The incident highlights the growing cybersecurity risks facing the food supply chain, a vital part of national infrastructure that is often underprotected. UNFI’s distribution network spans across the US and Canada, making the impact of the attack broad and far-reaching.

Core systems taken offline

UNFI detected the incident on June 9 and responded by taking certain systems offline to contain the threat and prevent further damage. The company initiated an investigation immediately after discovering the unauthorized activity. As a result of these actions, customers experienced delays in order processing, invoicing, and general communication.

In a regulatory filing with the US Securities and Exchange Commission, UNFI confirmed that it had engaged third-party cybersecurity experts to support the investigation and recovery. Law enforcement authorities have also been notified and are assisting in the ongoing inquiry. The company is currently assessing the full impact of the breach, including the scope of the unauthorized access and any potential effect on its business operations. Updates on the recovery process are being shared through UNFI’s website and regulatory channels.

A key player in food logistics

UNFI plays a central role in food distribution across North America. It supplies thousands of retailers with natural and organic products and serves as a primary distributor for Whole Foods Market, which is owned by Amazon. UNFI also holds a contract with the Defense Commissary Agency, responsible for supplying groceries to US military bases.

The cyberattack caused temporary disruption to some of UNFI’s operations, affecting its ability to fully service customers. In response, the company implemented contingency measures to maintain as much continuity as possible and reduce the overall impact on retailers, suppliers, and consumers. While the full extent of the disruption is still being evaluated, the situation demonstrates the potential vulnerabilities in systems that support critical logistics infrastructure.

This incident is a reminder that a single breach at a distributor like UNFI can create ripple effects throughout the supply chain.

As described in our article on supply chain attacks, attackers increasingly exploit the weakest link in a company’s ecosystem. UNFI’s role as a vital distributor shows how a single compromise can ripple throughout the entire chain.

Broader supply chain impact

The disruption has affected both customers and suppliers. With parts of UNFI’s IT systems offline, the ability to fulfill and receive new orders has been limited. Some retailers have reported delays in deliveries, which has led to temporary inventory gaps in certain product categories, particularly among natural and organic staples.

Although the company has implemented manual workarounds and continues to service customer needs where possible, the attack has created noticeable strain across the network. UNFI’s team, in collaboration with cybersecurity experts, is working around the clock to investigate the incident, restore affected systems, and resume normal operations safely.

No ransom confirmed

UNFI has not confirmed whether ransomware was involved or whether any demands were made by the attackers. The lack of specific details suggests that the investigation is still in progress. In some cyberattacks, disruption itself is the goal, rather than financial extortion, which makes these cases more complex to resolve and secure against in the future.

Regardless of the motive, the attack highlights the vulnerability of the food logistics industry. As essential service providers increasingly digitize their operations, they also expand their attack surface, making them more attractive to cybercriminals.

The UNFI case echoes similar incidents, such as the ransomware attack on a US sheriff’s office, where public services were brought to a halt without immediate clarity on the attackers' motives. In both situations, the focus quickly shifts from attribution to recovery.

Security lessons for logistics

The breach at UNFI reinforces a message the cybersecurity industry continues to stress: every organization that touches critical infrastructure must prioritize cyber resilience. This includes proactive monitoring, employee training, regular testing of incident response plans, and strong backup strategies.

As the food industry undergoes digital transformation, cybersecurity must evolve alongside it. Increased reliance on connected systems calls for layered security, strategic risk management, and clear communication in the event of incidents.

As we saw in the adidas cyberattack, disruptions can affect not only core systems but also supply chains and customer trust. Organizations must be prepared to address both technical recovery and reputational risk.

A broader signal

UNFI has stated that it is working to restore its systems as quickly and safely as possible. However, the broader implications of the attack go beyond temporary delays. It is likely to spark further scrutiny of cybersecurity practices across the food distribution and logistics sectors.

This incident demonstrates that cyberattacks are no longer limited to industries traditionally seen as high-risk. Any organization with a vital role in national infrastructure must now recognize that it operates on the front lines of cybersecurity.