On June 9, 2025, United Natural Foods (UNFI), a major grocery distributor for Whole Foods, announced it had suffered a cyberattack that disrupted its operational capabilities.

With 53 distribution centers serving over 30,000 locations across the U.S. and Canada, UNFI reported $31 billion in annual revenues as of August 2024.

In response to the breach, UNFI activated its incident response plan, taking certain systems offline to contain the attack, which has led to temporary disruptions in business operations.

While emergency workarounds have been implemented to maintain limited operations, ongoing disruptions are expected as the investigation continues.

The investigation into the breach is ongoing, and although it remains unclear if ransomware is involved, the proactive shutdown of systems indicates a serious security threat.

This incident highlights the vulnerability of food supply chains to cyber threats, following a trend of similar attacks on retailers, including recent breaches at U.K. companies.

UNFI is collaborating with third-party cybersecurity professionals and law enforcement to assess the situation and restore normal operations as quickly as possible.

Despite implementing temporary workarounds, UNFI acknowledged in a SEC filing that the incident has impacted their ability to fulfill and distribute customer orders, leading to ongoing shortages.

Reports indicate that some Whole Foods locations are experiencing empty shelves, particularly for dairy products, as drivers have been instructed not to report to work due to the operational halt.

The timing of the attack is particularly problematic, coinciding with peak summer demand, which risks empty shelves and customer frustration for retailers reliant on UNFI.

Following the incident, UNFI's shares fell by more than 6% in early trading, reflecting investor concerns ahead of its fiscal third-quarter results announcement.

Industry experts are calling for a reevaluation of cybersecurity protocols in the grocery distribution sector to better protect against sophisticated threats.