Home Economy Economic Activity Stores see supply disruptions following cyberattack at UNFI

Stores see supply disruptions following cyberattack at UNFI

By

PBN Staff

-

06/12/2025

UNITED NATURAL Foods Inc., a Providence-based wholesale food distributor that supplies Whole Foods and other grocers, says it's working to restore its online ordering and receiving capabilities following a reecent cyberattack. / COURTESY UNITED NATURAL FOODS INC

NEW YORK – A string of recent cyberattacks and data breaches involving the systems of major retailers, including United Natural Foods Inc. in Providence, have started affecting shoppers. UNFI, a wholesale distributor that supplies Whole Foods and other grocers, said this week that a breach of its systems was disrupting its ability to fulfill orders, leaving

Already a Subscriber? Log in

To Continue Reading This Article

Become a Providence Business News subscriber and get immediate access to all of our premier content and much more.

Learn More and Become a Subscriber

Critical RI business news and analysis updated daily.
1 year of print (26 issues).
Unlimited access to all subscriber only content on our website, on any device.
Free email alerts.
Annual Book of Lists Print Edition.
All special issues produced during subscription term.

Click Here to purchase a paywall bypass link for this article

PBN Branded Content

Let’s Save Big with Rhode Island Energy Efficiency Programs

Nestled alongside the Blackstone River in Pawtucket, RI, in a historic National Heritage Corridor that…

Learn More

No posts to display

LEAVE A REPLY Cancel reply

NEW YORK – A string of recent cyberattacks and data breaches involving the systems of major retailers, including United Natural Foods Inc. in Providence, have started affecting shoppers. UNFI, a wholesale distributor that supplies Whole Foods and other grocers, said this week that a breach of its systems was disrupting its ability to fulfill orders, leaving many stores without certain items. UNFI took some of its systems offline after discovering "unauthorized activity" on June 5. In a securities filing on June 9, the company said the incident had impacted its "ability to fulfill and distribute customer orders." “The company is working actively to assess, mitigate and remediate the incident with the assistance of third-party cybersecurity professionals and has notified law enforcement,” the company said in its filing on June 9. “Pursuant to its business-continuity plans, the company has implemented workarounds for certain operations in order to continue servicing its customers where possible. The company is continuing to work to restore its systems to safely bring them back online.” The company said it promptly activated its incident response plan and implemented containment measures, including proactively taking some systems offline, which temporarily affected its ability to fulfill and distribute orders. On June 10, UNFI said in its third-quarter earnings statement, where the company reported a loss of $7 million for the period that ended May 3, that it was "working steadily" to gradually restore the services. That has meant leaner supplies of certain items this week. A Whole Foods spokesperson told The Associated Press via email that it was working to restock shelves as soon as possible. The Amazon-owned grocer's partnership with UNFI currently runs through May 2032. "As of today, we’re gradually bringing our ordering and receiving capabilities back online, with the goal of further increasing our capacity over the coming days," UNFI said in a statement on Thursday morning. "Our customers, suppliers, and associates are our highest priority. We continue to work closely with them to minimize disruptions as much as possible. In a separate cyberattack in the U.K., consumers could not order from the website of Marks & Spencer for more than six weeks – and found fewer in-store options after hackers targeted the British clothing, home goods and food retailer. A cyberattack on Co-op, a U.K. grocery chain, also led to empty shelves in some stores. Cyberattacks have been on the rise across industries. But infiltrations of corporate technology carry their own set of implications when the target is a consumer-facing business. Meanwhile, a security breach detected by Victoria's Secret last month led the popular lingerie seller to shut down its U.S. shopping site for nearly four days, as well as to halt some in-store services. Victoria's Secret later disclosed that its corporate systems also were affected, causing the company to delay the release of its first-quarter earnings. Several British retailers – M&S, Harrods and Co-op – have all pointed to the impacts of recent cyberattacks. The attack targeting M&S, which was first reported around Easter weekend, stopped it from processing online orders and also emptied some store shelves. The company estimated last month that it would incur costs of $400 million from the attack. But progress towards recovery was shared on Tuesday, when M&S announced that some of its online order operations were back, with more set to be added in the coming weeks. Other breaches exposed customer data, with brands such as Adidas, The North Face and Cartier all disclosing that some contact information was compromised recently. In a statement, The North Face said it discovered a "small-scale credential stuffing attack" on its website in April. The company reported that no credit card data was compromised and said the incident, which impacted 1,500 consumers, was "quickly contained." Meanwhile, Adidas disclosed last month that an "unauthorized external party" obtained some data, which was mostly contact information, through a third-party customer service provider. Whether or not the incidents are connected is unknown. Experts such as Cliff Steinhauer, director of information security and engagement at the nonprofit National Cybersecurity Alliance, note that hackers sometimes target a piece of software used by many different companies and organizations. But the range of tactics used could indicate the involvement of different groups. Companies' language around cyberattacks and security breaches also varies, and may depend on what they know when. But many don't immediately or publicly specify whether ransomware was involved. Still, Steinhauer says the likelihood of ransomware attacks is "pretty high" in today's cybersecurity landscape, and key indicators can include businesses taking their systems offline or delaying financial reporting. Overall, experts say it's important to build up "cyber hygiene" defenses and preparations across organizations. "Cyber is a business risk, and it needs to be treated that way," said Ade Clewlow, an associate director and senior adviser at the global cybersecurity and software escrow firm NCC Group. Material from The Associated Press was used in this report.