United Natural Foods (UNFI), North America’s largest food distributor, abruptly shut down critical IT systems on Thursday, June 5, 2025, following the revelation of a cyberattack that compromised portions of its network. The company implemented immediate containment measures after finding unauthorized access, triggering rapid shutdown protocols to prevent further damage to their infrastructure.
The cyberattack created widespread disruptions across UNFI’s vast distribution network, which serves over 30,000 retail locations throughout the United States and Canada. The company operates 53 distribution centers, employs more than 28,000 people, and maintains relationships with over 11,000 suppliers, generating $31 billion in annual revenue as of August 2024. Major retail chains, including Whole Foods, depend heavily on UNFI’s supply chain operations. The incident highlighted the growing threat of zero-day exploits targeting previously unknown vulnerabilities in supply chain systems.
UNFI reported the incident to law enforcement and activated its incident response plan as it implemented workarounds to maintain partial service capabilities. The company issued regulatory filings informing investors that operational disruptions would continue as investigation and system restoration efforts proceeded. Third quarter operations in 2025 faced direct impact from the security breach.
The attack immediately affected grocery supply chains, with at least 60 stores in North Dakota experiencing shortages. Retailers dependent on UNFI’s distribution network faced potential delivery delays, product shortages, temporary store closures, and possible layoffs. The disruption threatened the broader retail ecosystem, particularly Amazon’s Whole Foods operations, given UNFI’s role as their primary distributor. UNFI’s reliance on manual processes for order fulfillment led to significant inefficiency across their distribution centers.
Cybersecurity experts identified this incident as part of an escalating trend targeting the retail and food distribution sector. Previous high-profile attacks affected Sam’s Club, Ahold Delhaize, and other major retailers, highlighting vulnerabilities within internal systems and across supply chain partnerships. Industry specialists stressed the critical need for regular security updates and thorough incident response planning. Google recently identified increased hacking attempts specifically targeting U.S. retailers.
The breach carries significant long-term financial implications for UNFI, including lost sales, reputational damage, and increased cybersecurity expenditures. The company continues evaluating unauthorized activity to determine the full scope of the compromise as it works with external experts to restore normal operations and implement improved security measures.
