United Natural Foods Inc. (UNFI), a top North American distributor of groceries and the key supplier to Whole Foods Market, is experiencing severe supply chain disruptions in the wake of a severe hacking incident that kicked off.
The incident caused UNFI to completely close its IT network, disrupting the food distribution ecosystem and affecting retailers across the country.
When it detected “unauthorized activity” on its systems, UNFI quickly enacted containment measures, taking key IT infrastructure offline. This confident move, however, also brought operations to a standstill for a while, hitting at everything from order fulfillment and distribution systems to customer and supplier portals. UNFI publicly reported the breach in an SEC filing on June 9, indicating a “material impact” to its operations.
The aftermath was evident and swift on grocery store shelves, especially at Whole Foods, which depends heavily on UNFI for its natural and organic products. The situation has been reported across multiple states, with empty products and unstocked shelves prominently displayed on social media feeds, with warning signs informing customers of “temporary out-of-stock issues.”
UNFI CEO Sandy Douglas said the company is working with customers in “various short-term modes” and is gradually restoring systems, but the recovery is “a work in progress.”
The precise nature of the cyberattack has not been publicly confirmed, although security experts blame ransomware given the massive scale of the disruption. UNFI is working with top forensic specialists and police organizations such as the FBI to determine the facts and to contain this incident. No evidence of data retrieval has yet emerged luckily and payroll processes are not expected to be disrupted.
This UNFI cyberattack highlights the level of vulnerability that today’s supply chains have when it comes to digital threats. It is a stark reminder for the food and agriculture sector, which has had a troubling number of cyber incidents, including previous attacks on top giants like JBS Foods and Dole.
UNFI may be working to restore full capabilities, however, the incident underscores the critical need to continually improve security hygiene for players in essential sectors to avoid adverse events at scale.
