Cyberattack On Whole Foods Supplier Disrupts Supply Chain Again

On June 5, 2025, a cyberattack forced United Natural Foods Inc., the primary distributor for Whole Foods Market, to shut down its systems and halt deliveries to more than 30,000 grocery stores across North America. Nearly two weeks later, the company is still operating on a limited basis, relying on workarounds and manual processes. This was not a minor glitch but a direct hit to the digital backbone of the food supply chain.

Grocery stores were deemed essential infrastructure during the COVID-19 pandemic, with workers hailed as frontline heroes. Now, in 2025, the breach at UNFI raises a chilling question: what a biological virus could not shut down, could a cyberattack succeed in crippling? If malicious actors can freeze the software that moves food, they can empty shelves, disrupt lives and trigger cascading economic impacts. “Food security is national security,” one lawmaker warned earlier this year. Congress appears to agree and has introduced the bipartisan Farm and Food Cybersecurity Act of 2025.

What happened, and what could have been done to stop it?

A Major Grocery Supplier Brought To A Standstill

UNFI, based in Providence, Rhode Island, is North America’s largest publicly traded wholesale grocery distributor. The company operates more than 50 distribution centers and supplies approximately 30,000 locations, including supermarkets, independent grocers and food service providers. On June 5, the company detected unauthorized activity on its systems and immediately activated its incident response plan. As a precaution, it took portions of its network offline, which disrupted order processing, fulfillment and shipment capabilities. Law enforcement and external cybersecurity experts were called in to assist with the investigation.

The outage was swift and severe. Automated systems for ordering and inventory went dark, forcing cancellations of employee shifts and a return to manual processes. Business operations were impacted across the board, resulting in significant delivery delays.

UNFI did not publicly disclose the breach until June 9, when it filed an 8-K with the Securities and Exchange Commission. The company warned that disruptions would continue and outlined its reliance on manual workarounds to maintain critical grocery shipments while digital systems remained down.

Empty Shelves And Blocked Orders

The downstream impact on retailers was immediate. Whole Foods Market, which depends heavily on UNFI, saw noticeable shortages in key categories. Refrigerated and perishable sections in many stores went empty. Store employees posted apology signs for out-of-stock items and explained delays. Customers posted photos of empty shelves across multiple locations.

Independent grocers and regional chains also reported missed or delayed shipments. Many scrambled to find backup suppliers. Some succeeded, but others simply ran out of stock, leaving consumers with fewer options.

Even the United States military’s Defense Commissary Agency was affected. Fifty-three commissary stores reported delays. While some mitigated the issue with manual ordering, many still faced inventory shortfalls.

A single breach had turned into a national supply chain shock. With just-in-time inventory models and limited buffers, grocers were vulnerable to even short-term digital outages. The result was fewer choices for shoppers and deeper concerns for the industry.

Cause Unconfirmed, Ransomware Suspected

As of mid-June, UNFI has not confirmed the source or type of cyberattack. The company has avoided calling it ransomware, and no group has claimed responsibility. Still, experts widely agree that the attack shares several characteristics typical of ransomware events, including a full system shutdown, containment procedures and prolonged disruption.

While unproven, the consensus is that ransomware is the most likely explanation, especially given the sharp rise in attacks against the food and retail sectors. In similar cases, attackers have encrypted systems and demanded payment in exchange for restored access.

On a June 10 earnings call, UNFI Chief Executive Officer Sandy Douglas said only that the company was managing through the incident and focused on safe restoration. The company has shared few details. It remains unclear whether any data was stolen or whether negotiations are ongoing. The lack of attribution could indicate behind-the-scenes engagement with law enforcement, which is common in complex ransomware cases.

Until the investigation is complete, the grocery sector remains on high alert. The breach underscores just how vulnerable essential supply chains have become.

Where Have We Seen This Before?

The attack on UNFI is part of a broader trend of attacks on the food supply chain. Recent high-profile incidents include:

• JBS Foods (2021): The world’s largest meat processor was forced to shut down facilities in the United States following a ransomware attack. The company paid an $11 million ransom to resume operations.
• Dole Food Company (2023): A ransomware breach halted production and shipments, causing shortages in grocery stores and more than $10 million in reported losses.
• Ahold Delhaize (2024): The parent of Food Lion and Stop & Shop confirmed a cyberattack that compromised internal data. A ransomware group later claimed responsibility.
• Sam’s Club (2025): The retailer disclosed an investigation into a potential Clop ransomware breach that may have affected customer data.
• UK Retailers: Chains including Marks & Spencer and the Co-op have experienced recent ransomware-related disruptions.

Cybercriminals have proven they can cause real-world consequences across the food sector. “The cyberattack on United Natural Foods is not an isolated incident but part of a growing trend,” said Jeff Wichman, incident response director at Semperis. The risk is no longer hypothetical.

Bolstering Defenses: Lessons And Calls To Action

The attack has sparked urgent conversations throughout the grocery industry. Key priorities include:

• Treat Cybersecurity As Mission-Critical: Distributors must invest in advanced firewalls, intrusion detection, software patching and backup systems. Regular audits and tabletop exercises can and will reduce recovery time.
• Backup, Segment And Patch: Offline backups and segmented networks can contain breaches and minimize fallout. Keeping systems current on patches is essential to closing common attack vectors.
• Tighten Access And Train Staff: Use multi-factor authentication and limit administrative access. Provide routine training on phishing and threat awareness. Most breaches begin with a single click.
• Use Compliance as a Security Tool, Not a Checkbox: Regulatory frameworks like NIST and CMMC should not be treated as paperwork exercises. Instead, organizations should use them to validate and continuously improve real-world security controls. Effective compliance can serve as an operational benchmark for resilience, not just a regulatory obligation.
• Develop Retail Contingency Plans: Grocers need diversified suppliers and manual ordering systems. Relying on one distributor is a clear point of failure.
• Foster Collaboration And Information Sharing: Cross-industry partnerships and communication with government agencies are key. Transparency builds trust and accelerates recovery.
• Support Legislative Action: The Farm and Food Cybersecurity Act of 2025 would mandate risk assessments and training across the food sector. Public and private coordination is vital to protect critical systems.

Cybersecurity is no longer optional. Food supply chains are essential and increasingly targeted. Resilience must be a top priority across every tier of the industry.

From Critical To Vulnerable: The High Stakes Of Grocery Cybersecurity

By mid-June, UNFI had resumed shipments from most distribution centers and made progress restoring systems. Still, many operations rely on manual processes, and product shortages persist in some regions. The impact is ongoing and visible.

This breach should serve as a turning point. Whole Foods and other retailers must invest in both digital defenses and supply chain resilience. Distributors must act with urgency. In the business of feeding families, downtime is unacceptable. The next attack could hit harder and spread faster. The time to prepare is now.