A cyber breach disrupted United Natural Foods (UNFI), a key wholesale distributor for major grocers like Whole Foods, halting its ability to process and fulfill orders. The attack, detected on **June 5**, forced UNFI to take critical systems offline, leading to widespread supply chain disruptions. Retailers reliant on UNFI—including Whole Foods—faced **product shortages**, empty shelves, and delayed restocking. The incident strained inventory in remote areas, leaving consumers without essential goods. While UNFI reported 'steady progress' in restoring services mid-June, operational recovery remained gradual.The breach’s scope extended beyond logistics, raising concerns about **potential exposure of customer or partner data**—though no explicit confirmation of stolen data was provided. The attack aligns with a broader trend of cybercriminals targeting high-impact sectors like food distribution, where operational halts create immediate public panic. UNFI’s role as a linchpin in grocery supply chains amplified the ripple effects, affecting both corporate revenue and consumer access to daily necessities. The long-term financial and reputational costs remain undisclosed, but the incident underscores vulnerabilities in critical retail infrastructure.
TPRM report: https://www.rankiteo.com/company/unfi
"id": "unf2855428092925",
"linkid": "unfi",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Grocery/Supply Chain',
'location': 'North America',
'name': 'United Natural Foods',
'size': 'Large (supplies Whole Foods, other grocers)',
'type': 'Wholesale Distributor'},
{'industry': 'Clothing, Home Goods, Food',
'location': 'U.K.',
'name': 'Marks & Spencer (M&S)',
'size': 'Large',
'type': 'Retailer'},
{'industry': 'Retail',
'location': 'U.K.',
'name': 'Co-op',
'size': 'Large',
'type': 'Grocery Chain'},
{'industry': 'Apparel',
'location': 'U.S.',
'name': 'Victoria’s Secret',
'size': 'Large',
'type': 'Retailer'},
{'industry': 'Apparel/Sporting Goods',
'location': 'Global',
'name': 'Adidas',
'size': 'Large',
'type': 'Retailer'},
{'customers_affected': '1,500',
'industry': 'Apparel/Outdoor Gear',
'location': 'Global',
'name': 'The North Face',
'size': 'Large',
'type': 'Retailer'},
{'industry': 'Luxury Goods',
'location': 'Global',
'name': 'Cartier',
'size': 'Large',
'type': 'Retailer'},
{'industry': 'Retail',
'location': 'U.S.',
'name': 'Whole Foods',
'size': 'Large',
'type': 'Grocery Chain'},
{'industry': 'Luxury Goods',
'location': 'U.K.',
'name': 'Harrods',
'size': 'Large',
'type': 'Retailer'}],
'attack_vector': ['Unknown (likely phishing, exploited vulnerabilities, or '
'third-party compromises)',
'Credential Stuffing (The North Face)',
'Ransomware (implied for M&S, Co-op, United Natural Foods)'],
'customer_advisories': ['The North Face (credential stuffing notice)',
'Adidas (data breach notification)'],
'data_breach': {'data_exfiltration': ['Likely (for ransomware attacks)', None],
'number_of_records_exposed': ['1,500 (The North Face)', None],
'personally_identifiable_information': ['Yes (names, emails, '
'potentially more)',
None],
'sensitivity_of_data': ['Moderate to High (PII, potential '
'payment data)',
None],
'type_of_data_compromised': ['Contact information (Adidas, '
'The North Face, Cartier)',
'Potential PII (names, emails, '
'credit card numbers in some '
'cases)',
None]},
'date_detected': ['2024-06-05 (United Natural Foods)',
'2024-04 (Easter weekend, M&S)',
'2024-05 (Victoria’s Secret)',
'2024-04 (The North Face)',
'2024-05 (Adidas)'],
'date_publicly_disclosed': ['2024-06-12 (United Natural Foods update)',
'2024-05 (M&S cost estimate)',
'2024-05 (Victoria’s Secret earnings delay)',
'2024-05 (Adidas disclosure)',
'2024-04 (The North Face statement)'],
'date_resolved': ['Partial (M&S online orders restored as of 2024-06-11, with '
'more to follow)',
'2024-04 (The North Face contained attack)'],
'description': 'A series of cyberattacks and data breaches have targeted '
'major retailers and wholesale distributors, disrupting supply '
'chains, causing operational downtime, and exposing customer '
'data. Affected companies include United Natural Foods '
'(supplier to Whole Foods), Marks & Spencer (M&S), Co-op (U.K. '
'grocery chain), Victoria’s Secret, Adidas, The North Face, '
'and reportedly Cartier. The incidents have led to empty '
'shelves, delayed financial reporting, and potential long-term '
'risks for consumers, including phishing and fraud attempts. '
'Ransomware is suspected in several cases, with M&S estimating '
'£300 million ($400 million) in costs from its breach.',
'impact': {'brand_reputation_impact': ['High (publicized disruptions for '
'well-known brands)',
None],
'customer_complaints': ['Reported for M&S, Co-op, Whole Foods '
'(empty shelves)',
None],
'data_compromised': ['Customer contact information (Adidas, The '
'North Face, Cartier)',
'Potential PII (names, emails, credit card '
'numbers in some breaches)',
'1,500 consumers affected in The North Face '
'attack'],
'downtime': ['6+ weeks for M&S online orders',
'4 days for Victoria’s Secret website',
'Ongoing disruptions for United Natural Foods (as of '
'2024-06-12)',
'Partial outages for Co-op'],
'financial_loss': ['£300 million ($400 million) for M&S',
'Delayed Q1 earnings for Victoria’s Secret',
None],
'identity_theft_risk': ['High (exposed PII could enable '
'phishing/credential stuffing)',
None],
'operational_impact': ['Supply chain disruptions (Whole Foods, '
'Co-op, M&S)',
'Product shortages (remote U.K. '
'supermarkets)',
'Delayed financial reporting (Victoria’s '
'Secret)'],
'payment_information_risk': ['Potential (credit card numbers at '
'risk in some breaches)',
'No credit card data compromised in '
'The North Face attack'],
'revenue_loss': ['Projected £300M for M&S', None],
'systems_affected': ['Order fulfillment (United Natural Foods, '
'M&S, Victoria’s Secret)',
'In-store operations (empty shelves at Co-op, '
'M&S, Whole Foods)',
'E-commerce platforms (M&S, Victoria’s '
'Secret)',
'Corporate systems (Victoria’s Secret)']},
'initial_access_broker': {'high_value_targets': ['Supply chain systems '
'(United Natural Foods)',
'E-commerce platforms (M&S, '
'Victoria’s Secret)',
None]},
'investigation_status': ['Ongoing (United Natural Foods, M&S, Victoria’s '
'Secret)',
'Contained (The North Face)'],
'lessons_learned': ['Cyber hygiene and preparedness are critical for retail '
'and supply chain sectors.',
'Ransomware and credential stuffing are prevalent '
'threats, requiring multifactor authentication and '
'password management.',
'Supply chain disruptions have cascading effects on '
'consumers, especially in remote areas.',
'Public communication and transparency are key during '
'incidents to maintain trust.'],
'motivation': ['Financial Gain (ransomware, data theft for fraud/phishing)',
'Disruption (supply chain chaos to pressure payment)',
'Data Exfiltration (customer PII for downstream fraud)'],
'post_incident_analysis': {'corrective_actions': ['System restoration and '
'enhanced monitoring (M&S, '
'United Natural Foods)',
'Password reset advisories '
'(The North Face)',
None],
'root_causes': ['Likely unpatched vulnerabilities '
'or phishing (ransomware cases)',
'Third-party provider compromise '
'(Adidas)',
'Credential stuffing (The North '
'Face)',
None]},
'ransomware': {'data_encryption': ['Likely (implied by system disruptions)',
None],
'data_exfiltration': ['Possible (double extortion tactic)',
None],
'ransom_demanded': ['Suspected (M&S, Co-op, United Natural '
'Foods)',
None]},
'recommendations': ['Implement multifactor authentication (MFA) and freeze '
'credit as preventive measures for consumers.',
'Avoid password reuse across platforms to mitigate '
'credential stuffing risks.',
'Retailers should prioritize third-party risk management '
'and software patching.',
'Develop and test incident response plans to minimize '
'downtime and operational impact.',
'Enhance monitoring for early detection of unauthorized '
'activity.'],
'references': [{'date_accessed': '2024-06-12',
'source': 'The Associated Press'},
{'source': 'National Cybersecurity Alliance (Cliff '
'Steinhauer)'},
{'source': 'NCC Group (Ade Clewlow)'},
{'date_accessed': '2024-06-12',
'source': 'United Natural Foods Securities Filing'},
{'date_accessed': '2024-06-11',
'source': 'M&S Recovery Update'},
{'date_accessed': '2024-04',
'source': 'The North Face Statement'},
{'date_accessed': '2024-05', 'source': 'Adidas Disclosure'}],
'response': {'communication_strategy': ['Public updates (M&S, United Natural '
'Foods, Victoria’s Secret)',
'Customer advisories (The North Face, '
'Adidas)',
None],
'containment_measures': ['Systems taken offline (United Natural '
'Foods, Victoria’s Secret)',
'Credential stuffing attack contained '
'(The North Face)',
None],
'incident_response_plan_activated': ['Yes (United Natural Foods, '
'M&S, Victoria’s Secret)',
None],
'recovery_measures': ['Restocking shelves (Whole Foods)',
'Partial restoration of online orders '
'(M&S)',
None],
'remediation_measures': ['Gradual restoration of services '
'(United Natural Foods, M&S)',
None]},
'stakeholder_advisories': ['Whole Foods (restocking updates)',
'M&S (recovery progress)'],
'title': 'Recent Cyberattacks Disrupt Major Retailers and Supply Chains',
'type': ['Ransomware (suspected in multiple cases)',
'Data Breach',
'Supply Chain Disruption',
'Credential Stuffing (The North Face)',
'Unauthorized Access (Adidas via third-party provider)']}