Cyberattack cripples North America’s largest grocery distributor, threatening supply chain
By isabelle // 2025-06-10
Copy
 
  • UNFI, North America’s largest grocery distributor, halted deliveries after a cyberattack disrupted operations for 30,000 retail locations.
  • The breach forced UNFI to shut down critical systems, causing temporary but widespread supply chain disruptions.
  • Grocery chains like Morton Williams and Whole Foods face shortages, with smaller businesses hit hardest by delivery stoppages.
  • The attack aligns with warnings about foreign cyber threats, although UNFI hasn’t attributed the breach to a specific actor.
  • UNFI’s stock dropped 8.5%, highlighting investor concerns over long-term vulnerabilities in critical food infrastructure.
United Natural Foods Inc. (UNFI), North America’s largest grocery distributor and the primary supplier for Whole Foods Market, has been forced to halt deliveries and take systems offline after a crippling cyberattack. The breach, discovered in early June, has disrupted operations across its network of 30,000 retail locations, raising alarms about the vulnerability of the nation’s food supply chain to digital threats. The Rhode Island-based company confirmed in a June 9 regulatory filing that unauthorized access to its IT systems triggered emergency protocols, including shutting down critical infrastructure. "The incident has caused, and is expected to continue to cause, temporary disruptions to the Company’s business operations," UNFI stated, adding that it is working with law enforcement and cybersecurity experts to restore functionality.

Supply chain paralysis

UNFI’s outage has left grocery retailers scrambling. Steve Schwartz, director of sales for New York’s Morton Williams chain, told The New York Post, "It’s bringing the company to a standstill with no orders generated and no orders coming in." The chain relies on UNFI for staples like dairy products and bottled waters, forcing it to seek alternative suppliers. Smaller businesses, like bakeries dependent on UNFI deliveries, face even steeper challenges. Whole Foods, owned by Amazon, has not disclosed the full impact but acknowledged efforts to "restock our shelves as quickly as possible." A UNFI employee anonymously posted online that corporate leadership provided little clarity: "Corporate isn’t telling us s–t."

Broader threats to critical infrastructure

The attack coincides with escalating warnings from the Trump administration about foreign cyber threats targeting U.S. infrastructure. A recent intelligence assessment singled out the Chinese Communist Party as the "most active and persistent cyber threat," capable of disrupting civilian networks during geopolitical crises. While UNFI has not attributed the breach to a specific actor, the incident underscores the food sector’s susceptibility to sabotage. President Trump’s June 6 executive order aimed at bolstering cybersecurity defenses, including mandates for stronger encryption and secure software development, highlights the urgency of the threat. Yet the UNFI breach reveals gaps in preparedness. Adrianus Warmenhoven, a cybersecurity expert at NordVPN, noted, "Threat actors are targeting critical infrastructure and high-traffic consumer platforms for maximum disruption and financial leverage."

Temporary fixes, long-term risks

UNFI insists it has implemented "temporary workarounds" to mitigate customer disruptions, but the timeline for full recovery remains unclear. The company’s stock fell 8.5% following the announcement, reflecting investor unease. The breach mirrors recent attacks on retailers like Victoria’s Secret, whose website went dark for days after a cyber incident. Such events expose the ripple effects of digital warfare on everyday commerce. For UNFI, which signed an eight-year distribution deal with Whole Foods in 2024, the breach tests its ability to safeguard a lifeline for organic and natural food retailers. The UNFI cyberattack is more than a logistical headache; it’s a reminder of how easily malicious actors can destabilize essential services. As the company races to restore operations, the incident should galvanize policymakers and businesses to fortify supply chains against an era of relentless digital threats. For now, empty grocery shelves serve as the canary in the coal mine. The question isn’t whether another attack will come, but whether the U.S. food industry will be ready. Sources for this article include: TheEpochTimes.com NYPost.com Axios.com
Copy