United Natural Foods (UNFI), a major food distributor and wholesaler, suffered a severe cyberattack in early June 2024, forcing a complete shutdown of its network. The incident, attributed to the financially motivated cybercrime group **Scattered Spider**, disrupted operations across 52 distribution centers, leading to **$400 million in lost sales** and a **$60 million net income loss** in the quarter. The attack caused widespread supply chain disruptions, including empty store shelves, product spoilage, and delayed orders for 30,000 customer locations. UNFI incurred **$25 million in direct costs** ($20M for manual workarounds, $5M for remediation) and expects cyber insurance to cover these expenses, though reimbursement is delayed until fiscal 2026. While core systems were restored by late June, the company faced lingering operational challenges, including backlogged purchase orders, invoicing, and payments. The attack highlighted the cascading financial and reputational risks of cyber incidents in critical supply chains.
Source: https://cyberscoop.com/united-natural-foods-cyberattack-400-million/
Honest Green cybersecurity rating report: https://www.rankiteo.com/company/honest-green
"id": "hon2702127111125",
"linkid": "honest-green",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '30,000+ customer locations '
'(including Whole Foods Market '
'and local grocers)',
'industry': 'Food & Beverage Supply Chain',
'location': 'North America (52 distribution centers)',
'name': 'United Natural Foods (UNFI)',
'size': 'Large (serves 30,000 customer locations, '
'11,000+ suppliers, 250,000+ products)',
'type': 'Food Distributor/Wholesaler'}],
'customer_advisories': ['CEO acknowledgment of supply chain impact to '
'customers (local grocers)'],
'date_detected': '2024-06-05',
'date_publicly_disclosed': '2024-06-09',
'date_resolved': '2024-06-26',
'description': 'United Natural Foods (UNFI), a major food distributor and '
'wholesaler, suffered a cyberattack in June 2024 that forced a '
'complete network shutdown. The attack, linked to the '
'financially motivated cybercrime group Scattered Spider, '
'disrupted operations across 52 distribution centers, leading '
'to unfilled orders, empty store shelves, and spoilage. The '
'incident resulted in lost sales of up to $400 million and a '
'net income loss of up to $60 million for the quarter. UNFI '
'has since restored most systems and resumed normal '
'operations, with recovery efforts ongoing for less critical '
'tools.',
'impact': {'brand_reputation_impact': 'High (disruption to local grocers and '
'supply chain partners)',
'downtime': '10 days (core systems restored by 2024-06-16; full '
'recovery by 2024-06-26)',
'financial_loss': '$400 million (lost sales), $60 million (net '
'income loss)',
'operational_impact': ['Empty store shelves',
'Product spoilage',
'Delayed purchase orders',
'Delayed invoicing and payments',
'Manual workarounds required'],
'revenue_loss': '$400 million (lost sales)',
'systems_affected': ['Network-wide shutdown',
'Electronic ordering systems',
'Customized reporting platforms (partially)']},
'investigation_status': 'Ongoing (recovery phase; cyber insurance '
'reimbursement expected in FY2026)',
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': ['System restoration',
'Operational catch-up on '
'delayed processes',
'Cyber insurance claim for '
'remediation costs']},
'references': [{'source': 'United Natural Foods Business Update Call (July '
'2024)'},
{'source': 'Media reports on Scattered Spider attack spree'}],
'response': {'communication_strategy': ['Business update call with '
'analysts/investors',
'CEO statement acknowledging supply '
'chain impact'],
'containment_measures': ['Complete network shutdown',
'Manual workarounds'],
'incident_response_plan_activated': True,
'recovery_measures': ['Restoration of electronic ordering '
'systems (by 2024-06-16)',
'Full operational capacity restored by '
'2024-06-26',
'Catch-up on delayed business processes '
'(purchase orders, invoicing, payments)'],
'remediation_measures': ['System restoration',
'Third-party cybersecurity support'],
'third_party_assistance': ['Cybersecurity experts',
'Legal advisors',
'Governance experts']},
'stakeholder_advisories': ['Business update call with analysts/investors '
'(July 2024)'],
'threat_actor': 'Scattered Spider',
'title': 'Cyberattack on United Natural Foods (UNFI) Disrupts Supply Chain, '
'Causes Up to $400M in Lost Sales',
'type': ['Cyberattack', 'Operational Disruption', 'Supply Chain Attack']}