Cyber Attack cyber

United Natural Foods Inc. (UNFI)

Jun 11, 2025 2 min read
United Natural Foods Inc. (UNFI)

United Natural Foods Inc. (UNFI), the primary distributor for Whole Foods in the U.S., fell victim to a cyberattack that forced it to take critical systems offline. The breach disrupted operations, leading to empty shelves in Whole Foods stores and halting product distribution. Hackers gained unauthorized access to UNFI’s systems, though the company has not confirmed whether data was stolen. Social media reports indicate widespread stock shortages, with stores displaying notices about 'temporary out-of-stock issues.' The attack’s method remains undisclosed, but it follows a pattern of impersonation-based breaches seen in recent incidents targeting retailers like Marks & Spencer and Co-op. While no ransomware group has claimed responsibility, the operational shutdown suggests severe disruptions to supply chains, financial losses from halted sales, and potential exposure of employee or customer data. The incident underscores the food and beverage industry’s vulnerability to cyber extortion targeting intellectual property, financial assets, and sensitive information.

Source: https://www.foodnavigator.com/Article/2025/06/11/wholefoods-supplier-unfi-hit-by-cyber-attack/

TPRM report: https://www.rankiteo.com/company/unfi

"id": "unf1832118101325",
"linkid": "unfi",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': ['Whole Foods Shoppers '
                                               '(Indirectly)',
                                               'Retail Partners'],
                        'industry': 'Food and Beverage',
                        'location': 'United States',
                        'name': 'United Natural Foods Inc. (UNFI)',
                        'size': 'Large (Primary distributor for Whole Foods, '
                                'Amazon-owned)',
                        'type': 'Distributor'},
                       {'customers_affected': 'Shoppers (Product Availability '
                                              'Impacted)',
                        'industry': 'Food and Beverage',
                        'location': 'United States',
                        'name': 'Whole Foods',
                        'size': 'Large',
                        'type': 'Retailer'}],
 'attack_vector': ['Social Engineering',
                   'Impersonation of Employees',
                   'Password Reset Exploitation via IT Help Desk'],
 'customer_advisories': ['Temporary Out-of-Stock Notices in Whole Foods '
                         'Stores'],
 'description': 'Criminals targeted United Natural Foods Inc. (UNFI), the '
                'primary distributor for Whole Foods in the US, forcing the '
                'company to take operations offline after unauthorized access '
                'to their systems. The attack follows similar incidents at '
                'Marks & Spencer and Co-op, where hackers impersonated '
                'employees to gain access via IT help desk password resets. '
                'UNFI initiated an investigation with forensic experts and '
                'notified law enforcement. Shoppers report empty shelves in '
                'Whole Foods stores due to supply chain disruptions. No '
                'ransomware group has claimed responsibility yet.',
 'impact': {'brand_reputation_impact': ['Negative Publicity',
                                        'Customer Distrust Due to Supply Chain '
                                        'Issues'],
            'customer_complaints': ['Reports of Empty Shelves on Social Media'],
            'downtime': True,
            'operational_impact': ['Supply Chain Disruption',
                                   'Empty Shelves in Whole Foods Stores',
                                   'Temporary Product Stockouts'],
            'systems_affected': ['Operational Systems (Taken Offline)',
                                 'Supply Chain Management Systems']},
 'initial_access_broker': {'entry_point': ['IT Help Desk (via Impersonation of '
                                           'Employees)'],
                           'high_value_targets': ['Operational Systems',
                                                  'Supply Chain Data']},
 'investigation_status': 'Ongoing (with forensic experts and law enforcement)',
 'motivation': ['Extortion',
                'Intellectual Property Theft',
                'Financial Gain',
                'Data Theft'],
 'references': [{'source': 'Article on UNFI Cyberattack'}],
 'response': {'communication_strategy': ['Public Statement Released',
                                         'No Detailed Disclosure on Attack '
                                         'Nature or Data Theft'],
              'containment_measures': ['Systems Taken Offline Proactively'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': ['Investigation in Progress',
                                    'Systems Restoration in Progress'],
              'third_party_assistance': ['Leading Forensics Experts']},
 'title': 'Cyberattack on United Natural Foods Inc. (UNFI) Disrupts Whole '
          'Foods Supply Chain',
 'type': ['Cyberattack',
          'Unauthorized System Access',
          'Supply Chain Disruption'],
 'vulnerability_exploited': ['Weak Authentication Processes',
                             'Lack of Multi-Factor Authentication (MFA) for '
                             'Password Resets']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.