Ongoing cyberattack at US grocery distributor giant UNFI affecting customer orders

United Natural Foods Inc. (UNFI), a leading grocery distributor in the U.S., is currently grappling with the aftermath of a cyberattack that began last week. The company announced on Tuesday that efforts are underway to restore its operational capabilities, which have been significantly affected by this incident. In its third-quarter earnings report, UNFI revealed it is actively managing the ongoing cyber crisis. CEO Sandy Douglas emphasized the company's commitment to supporting its customers with immediate solutions. During a conference call, he stated that UNFI is working diligently to bring its systems back online and to re-establish comprehensive customer service as quickly as possible. UNFI, which serves as the key distributor for Whole Foods—owned by Amazon—and supplies over 250,000 grocery products, reported unauthorized access to its IT infrastructure. As a precaution, the company has taken the step of shutting down its entire network. Although the specific details of the cyberattack remain undisclosed, it is clear that the breach has led to substantial disruptions in UNFI’s ability to fulfill and deliver customer orders. During the call, Douglas informed investors that shipping operations are currently limited. One client shared with TechCrunch that they are launching a new product in Whole Foods stores this week but have not received most of their necessary supplies. They also noted a lack of communication from both UNFI and Whole Foods regarding the situation. There have been unconfirmed reports of empty or sparsely stocked shelves in stores due to the disruptions, but it is uncertain if these issues are solely linked to the cyberattack or if they are part of broader supply chain challenges. The full extent of the impact on grocery stores and consumers might not be fully realized until later this week. Whole Foods has not yet commented on the disruption, although a spokesperson mentioned to Reuters that the chain is working diligently to restock its shelves and directed further inquiries to UNFI. Meanwhile, details surrounding UNFI's cybersecurity investments and the responsible parties within the company remain unclear, as a spokesperson did not respond to inquiries. Currently, many of UNFI’s public-facing systems, including those utilized by suppliers and customers, are offline. The company reported $8.1 billion in net sales for the quarter ending May 3, 2025. Despite anticipating a loss in net income and earnings per share due to the termination of a contract with a grocery chain in the Northeast, UNFI has not modified its projections due to the ongoing evaluation of the cyber incident. Individuals with insights about the UNFI cyberattack or those affected by the disruption are encouraged to reach out securely via an encrypted message service.