United Natural Foods (UNFI), North America’s largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack.
The Rhode Island-based company operates 53 distribution centers and delivers fresh and frozen products to over 30,000 locations across the United States and Canada, including supermarket chains, e-commerce providers, natural product superstores, independent retailers, and food service customers.
UNFI reported $31 billion in annual revenues in August 2024, works with more than 11,000 suppliers, and has over 28,000 workers.
In an 8-K filing with the U.S. Securities and Exchange Commission and a press release on its website, the company disclosed that a cyberattack discovered on Thursday, June 5th, forced it to take some systems offline, which impacted customer orders.
“The Company promptly activated its incident response plan and implemented containment measures, including proactively taking certain systems offline, which has temporarily impacted the Company’s ability to fulfill and distribute customer orders,” UNFI said.
“The incident has caused, and is expected to continue to cause, temporary disruptions to the Company’s business operations.”
Since the breach was discovered, the wholesaler giant has notified relevant law enforcement authorities and hired external cybersecurity experts to investigate the incident.
UNFI has also taken measures to maintain customer service continuity, implementing workarounds until affected systems are restored.
“The Company is working actively to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals and has notified law enforcement,” it added.
“Pursuant to its business continuity plans, the Company has implemented workarounds for certain operations in order to continue servicing its customers where possible. The Company is continuing to work to restore its systems to safely bring them back online.”
This disclosure follows widespread reports on social media since Thursday that the company’s systems were down and employees were having their shifts canceled.Â
UNFI has not yet revealed the nature of the attack or whether the attackers stole any data from the company’s network. Additionally, no ransomware operations have claimed responsibility for the breach.
A UNFI spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
UNFI is just the latest company in the food industry to have been breached in recent years. For instance, in March, ​Walmart-owned warehouse supermarket chain Sam’s Club disclosed it was investigating claims of a Clop ransomware breach.
Food giant JBS Foods, the world’s largest beef producer, also paid an $11 million ransom in 2021 after a REvil ransomware attack forced it to shut down production at multiple sites worldwide.
Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore.
In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work — no complex scripts required.
