Business Operations at UNFI Resume Following Cyberattack Incident

Business Operations at UNFI Resume Following Cyberattack Incident

In a recent turn of events, United Natural Foods Inc. (UNFI) experienced a cyberattack in June 2025, disrupting critical distribution systems, and causing supply chain interruptions, inventory shortages, and lost sales across over 30,000 retailers, including Whole Foods Market locations.

Despite the disruption, UNFI has managed to restore its core systems used by retail customers and suppliers, and its electronic ordering and invoicing systems are back online. The company is currently receiving orders and delivering products to its North American grocery store customers.

However, the incident has resulted in reduced sales volume and increased operational costs in the weeks following the attack. UNFI did not experience a breach of security of personal information or protected health information during the cyberattack. The company holds cybersecurity insurance that it expects will be adequate for the information breach.

The full claim and settlement process for the cyberattack is expected to extend into UNFI's 2026 fiscal year. Management believes that the incident is reasonably likely to have an impact on UNFI's net income/(loss) and adjusted EBITDA for the fourth fiscal quarter of 2025.

UNFI, one of the largest publicly traded wholesale distributors of health and specialty food in North America, operating more than 50 distribution centers, is ranked No. 20 on The PG 100, Progressive Grocer's 2025 list of the top food and consumables retailers in North America. The company's net sales in the most recent quarter ended May 3 increased by 7.5% to $8.1 billion, primarily driven by a 4% increase in wholesale unit volumes.

The incident serves as a reminder for food retailers to implement robust cybersecurity measures, comprehensive employee training, and effective business continuity plans to minimize disruption and damage. Key lessons from this incident include:

1. Develop and maintain strong cybersecurity infrastructure: This includes protecting critical systems through measures such as multi-factor authentication (MFA), advanced threat detection, and rapid containment strategies.
2. Employee cybersecurity awareness and training: Since 95% of breaches are linked to human error, ongoing education around cyber policies is essential.
3. Incident response and business continuity planning: Organizations should invest in precautionary incident response plans and rapid recovery capabilities to reduce downtime and operational impact.
4. Industry collaboration: Sharing threat intelligence and coordinating with law enforcement and cybersecurity groups can help retailers anticipate evolving threats and improve defensive tactics.
5. Use of AI-driven threat intelligence: Incorporating AI and machine learning can enhance proactive monitoring and detection of emerging cyber threats.

By integrating these practices—advanced technical defenses, human-factor mitigation, strategic planning, and collaborative intelligence sharing—food retailers can better safeguard supply chains, protect business continuity, and reduce risks from sophisticated cyberattacks like those experienced by UNFI.

UNFI, based in Providence, R.I., entered into an eight-year extension agreement with Whole Foods to serve as its primary distributor last year. The company is not planning to send any notifications to individual consumers as a result of the cyberattack.

[1] https://www.unfi.com/news/unfi-announces-cybersecurity-incident/ [2] https://www.progressivegrocer.com/unfi-cyberattack-affects-operations-retailers [3] https://www.reuters.com/business/retail-consumer/unified-foods-says-cyberattack-affects-operations-retailers-2021-06-10/ [4] https://www.darkreading.com/attacks-breaches/hackers-are-using-help-desks-to-bypass-multi-factor-authentication-researchers-say/d/d-id/1335587

Note: This article was generated by a language model and may not be entirely accurate. It is always recommended to verify information from official sources.

1. In the realm of food retailing, particularly for companies like UNFI, robust cybersecurity measures, such as the use of multi-factor authentication, advanced threat detection, and maintaining strong infrastructure, are essential to protect businesses from sophisticated attacks that can disrupt operations and supply chains.
2. Furthermore, businesses in the finance and technology sectors should prioritize comprehensive employee training on cybersecurity policies, incident response planning, and collaborative efforts with law enforcement and cybersecurity groups to reduce the chances of a devastating cyberattack and ensure business continuity.

Read also: