When cybercriminals targeted United Natural Foods, Inc. (UNFI) on June 5, 2025, the attack precipitated widespread grocery shortages that left store shelves empty across thousands of locations throughout the United States and Canada.
UNFI, the primary supplier for Whole Foods, was forced to shut down its entire network to contain the incident, disrupting both digital and physical distribution channels that serve more than 30,000 stores.
Network shutdown disrupted digital and physical distribution channels, halting operations across thousands of retail locations nationwide.
The cyberattack created immediate operational paralysis as electronic ordering systems, critical for automated product distribution, went offline completely. Store shelves at Whole Foods and other dependent retailers remained empty for much of the following week, with food shortages persisting in many locations, particularly urban centers, even after initial recovery efforts began.
Although UNFI did not fully disclose the attack’s specific nature, FBI warnings have identified ransomware as an escalating threat to food supply chains. The incident follows a pattern of costly cyber disruptions affecting the retail sector, with some companies reporting hundreds of millions in direct losses from similar attacks.
Previous major incidents in the UK’s retail sector have cost individual companies up to $400 million, demonstrating the global scope of supply chain vulnerabilities. Similar disruptions have affected international retailers, with Co-op grocery chain in the U.K. reporting empty shelves following their own cyber incident.
Recovery efforts commenced with manual processes before partial automation returned gradually. By June 18, UNFI reported “significant progress” toward restoring normal operations, though many locations had not achieved full supply recovery. Zero-day exploits may have been used to breach UNFI’s security systems, according to preliminary investigations.
The company began restoring electronic ordering systems systematically, as Whole Foods communicated ongoing restocking efforts without providing definitive timelines for normalized shipments. The attack methodology remains under investigation with leading forensics experts examining the breach for evidence of how hackers gained unauthorized access to critical systems.
The attack affected thousands of stores and millions of consumers, creating ripple effects in food prices and stock availability. Recovery from such disruptions typically requires weeks, increasing labor and logistics costs substantially.
Industry analysts observe that cyber risk continues rising as critical operations become increasingly digitally managed.
Federal agencies, including the FBI, are intensifying warnings to the food industry regarding the need for improved cyber defenses and thorough contingency planning.
Consumer-facing communications highlighted transparent updates while acknowledging continued shortages across certain product categories, underscoring the persistent challenges facing supply chain restoration efforts.
