Cyberattack on UNFI Disrupts Food Supply Chains Across U.S.

United Natural Foods, Inc. (UNFI), based in Providence, Rhode Island, disclosed on June 9, 2025, that it experienced a significant cybersecurity incident first detected on June 5. The attack triggered a shutdown of multiple IT systems and disrupted the company's operations, which serve over 30,000 retail locations across North America—including Whole Foods, Target, Walmart, and thousands of independent grocers. Although no group has claimed responsibility and no ransom has been confirmed, the event bears hallmarks of a ransomware attack. UNFI took systems offline as a precaution, began remediation efforts with cybersecurity experts, and reported the breach to law enforcement.

The incident has already caused supply chain disruptions, including reported shortages of perishable goods such as dairy, frozen foods, and baked items in affected stores. Whole Foods, UNFI’s largest customer—contributing nearly a quarter of its $31 billion in annual revenue—is particularly vulnerable. The attack coincided with the company’s Q3 earnings report, and UNFI’s stock fell by up to 8.5%, reducing its market cap to approximately $1.6 billion. Experts warn that the breach illustrates broader cybersecurity weaknesses in the food distribution sector and highlights the urgent need for better digital resilience and supply continuity planning across critical infrastructure providers.