United Natural Foods (UNFI)

United Natural Foods (UNFI), a major North American wholesale distributor supplying grocers like Whole Foods, suffered a cyberattack discovered on **June 5, 2024**. The incident forced the company to take critical systems offline, disrupting its ability to fulfill and distribute customer orders. The attack triggered supply chain delays, leading to **empty shelves at Whole Foods stores**, with customers reporting shortages reminiscent of early pandemic disruptions. Forensic experts and law enforcement are investigating, but the company has not confirmed whether data was exfiltrated or if a ransom demand was made. The SEC filing acknowledges **temporary operational paralysis**, impacting suppliers, retailers, and end consumers. While UNFI prioritizes system restoration, the attack underscores the retail sector’s vulnerability to cyber disruptions, particularly those targeting logistics and inventory management. The financial and reputational fallout includes **lost sales, customer dissatisfaction, and potential long-term trust erosion**, though no direct data breach of customer or employee information has been publicly confirmed.

Source: https://www.usatoday.com/story/money/2025/06/09/united-natural-foods-cyberattack-whole-foods/84121154007/

TPRM report: https://www.rankiteo.com/company/unfi

"id": "unf846090225",
"linkid": "unfi",
"type": "Ransomware",
"date": "6/2024",
"severity": "75",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': ['Whole Foods',
                                               'Other Grocers (Unspecified)'],
                        'industry': 'Food Distribution',
                        'location': 'North America',
                        'name': 'United Natural Foods (UNFI)',
                        'type': 'Wholesale Distributor'},
                       {'customers_affected': 'General Public (Store Shoppers)',
                        'industry': 'Retail (Grocery)',
                        'location': 'United States',
                        'name': 'Whole Foods',
                        'type': 'Supermarket Chain'}],
 'customer_advisories': ['Temporary Out-of-Stock Notices in Stores',
                         'Assurances of Restocking Efforts'],
 'date_detected': '2024-06-05',
 'date_publicly_disclosed': '2024-06-09',
 'description': 'A major food distributor, United Natural Foods (UNFI), which '
                'supplies items to Whole Foods and other grocers, was hit with '
                'a cyberattack on June 5, 2024. The incident forced the '
                'company to take some systems offline, temporarily disrupting '
                'its ability to fulfill and distribute customer orders. The '
                'attack has led to supply shortages at Whole Foods stores, '
                'with empty shelves reported by customers. Forensics experts '
                'and law enforcement are investigating the unauthorized '
                'activity. The incident is part of a rising trend of '
                'ransomware and data exfiltration attacks targeting the retail '
                'sector for monetary payouts.',
 'impact': {'brand_reputation_impact': ['Negative Customer Experience',
                                        'Comparisons to Pandemic Shortages'],
            'customer_complaints': ['Reports of empty shelves',
                                    'Apologies issued for inconvenience'],
            'downtime': 'Ongoing as of 2024-06-09 (since 2024-06-05)',
            'operational_impact': ['Disrupted Order Fulfillment',
                                   'Distribution Delays',
                                   'Empty Shelves at Retailer Stores (e.g., '
                                   'Whole Foods)'],
            'systems_affected': ['Order Fulfillment Systems',
                                 'Distribution Systems']},
 'investigation_status': 'Ongoing (Forensics Experts and Law Enforcement '
                         'Involved)',
 'motivation': ['Financial Gain (Likely Ransomware)', 'Disruption'],
 'references': [{'source': 'USA TODAY'},
                {'date_accessed': '2024-06-09',
                 'source': 'United Natural Foods (UNFI) Public Statement'},
                {'date_accessed': '2024-06-09',
                 'source': 'Securities and Exchange Commission (SEC) Filing by '
                           'UNFI'},
                {'source': 'Kroll (Global Head of Threat Intelligence, Keith '
                           'Wojcieszek)'},
                {'source': 'X (formerly Twitter) User Reports'},
                {'source': 'Reddit User Post (Image of Empty Shelves)'}],
 'regulatory_compliance': {'regulatory_notifications': ['Securities and '
                                                        'Exchange Commission '
                                                        '(SEC) Filing']},
 'response': {'communication_strategy': ['Public Statement (SEC Filing)',
                                         'Apologies to Customers via Store '
                                         'Signs',
                                         'Media Updates'],
              'containment_measures': ['Systems Taken Offline'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Restoring Systems Safely',
                                       'Working with Customers/Supply Chain to '
                                       'Minimize Disruption'],
              'third_party_assistance': ['Forensics Experts']},
 'stakeholder_advisories': ['Apologies to Customers via In-Store Signs',
                            'Media Statements'],
 'title': 'Cyberattack on United Natural Foods Disrupts Whole Foods Supply '
          'Chain',
 'type': ['Cyberattack', 'Potential Ransomware', 'Supply Chain Disruption']}