Business activities resume at UNFI following cybersecurity incident

Business activities resume at UNFI following cybersecurity incident

United Natural Foods Inc. (UNFI) Contains Cyberattack and Outlines Cybersecurity Strategies

United Natural Foods Inc. (UNFI), one of the largest publicly traded wholesale distributors of health and specialty food in North America, has announced that its recent cyberincident is now contained. The company has restored its core systems used by retail customers and suppliers for business.

The incident, which became known on June 5, temporarily affected UNFI's ability to fulfill and distribute customer orders. However, the company doesn't anticipate sending any notifications to individual consumers as a result of this cyberattack. UNFI's electronic ordering and invoicing systems are operational, allowing for more normalized product delivery to grocery stores.

The company has experienced reduced sales volume and increased operational costs due to the incident. In the most recent quarter ended May 3, UNFI's net sales increased by 7.5% to $8.1 billion, primarily driven by a 4% bump in wholesale unit volumes. The growth was also due to new business with existing and new customers, as well as inflation.

Despite the impact of the cyberattack, UNFI's management believes that it is reasonably likely to have an impact on UNFI's net income/(loss) and adjusted EBITDA for the fourth fiscal quarter of 2025. The full claim and settlement process for the cybersecurity incident is expected to extend into UNFI's 2026 fiscal year. UNFI expects to incur direct expenses related to the investigation and remediation of the incident.

The 2025 cyberattack on UNFI, which caused a significant revenue impact by disrupting warehouse, transportation, and order management systems, underlines the urgent need for integrated resilience measures. Food retailers, especially wholesalers like UNFI, can better protect themselves from cyber threats by adopting a multi-faceted cybersecurity strategy.

Key strategies include:

1. Decentralization of operations to reduce dependence on single points of failure. UNFI can build regional hubs that prioritize local producers and logistics, which mitigates widespread impact of cyberattacks and enhances resilience.
2. Technology Modernization with network segmentation and access controls to limit the spread of disruptions within IT infrastructure.
3. Robust employee training programs developed around recognizing social engineering tactics, phishing, and suspicious activity.
4. Multi-factor authentication (MFA) for all critical systems, especially administrative accounts, to increase the difficulty for attackers to gain unauthorized access.
5. Proactive supply chain cyber risk management, including strict vendor due diligence, sharing only necessary data, and continuous cyber threat monitoring across the supply chain.
6. Establishing and rehearsing incident response plans with cyber security partners to enable rapid detection, containment, and recovery from breaches.
7. Strategic partnerships with external cybersecurity organizations such as the National Cyber Security Centre (NCSC) to stay updated on emerging threats and best practices.

UNFI operates more than 50 distribution centers and delivers health and specialty food to over 30,000 locations across the United States and Canada. Last year, UNFI entered into an eight-year extension agreement with Whole Foods to serve as its primary distributor. UNFI is ranked No. 20 on The PG 100, Progressive Grocer's 2025 list of the top food and consumables retailers in North America. The company holds cybersecurity insurance that it expects will be adequate for the information breach.

In conclusion, combining modern segmented IT architecture, decentralized distribution, comprehensive employee training, vigilant supply chain risk management, and strong strategic cybersecurity partnerships form an effective defense framework for wholesalers like UNFI against evolving cyber threats.

1. In light of the recent cyberattack, it's crucial for other companies in the industry, especially those in finance and technology sectors, to implement a similar multi-faceted cybersecurity strategy as United Natural Foods Inc. to safeguard their operations.
2. As UNFI continues to recover from the cybersecurity incident, it's evident that proactive measures in areas such as technology modernization, employee training, supply chain risk management, and incident response planning are essential for firms operating within the food, finance, and cybersecurity sectors.

Read also: