Major food wholesaler United Natural Foods (UNFI) announced Monday that it experienced “unauthorized activity” on its IT systems, prompting the company to take some services offline while an investigation is underway.
As a leading food distributor, UNFI is the primary supplier to Whole Foods Market, an Amazon subsidiary. Last year the two companies extended their partnership through 2032. A Whole Foods spokesperson says the company is “working to restock our shelves as quickly as possible and apologizes for any inconvenience this may have caused for customers.”
According to a Securities and Exchange Commission report, UNFI became aware of the cyberattack last Thursday and immediately implemented containment measures.
“As soon as we discovered the activity, an investigation was initiated with the help of leading forensics experts, and we have notified law enforcement,” a company spokesperson tells Fast Company. “We are assessing the unauthorized activity and working to restore our systems to safely bring them back online. As we work through this issue, our customers, suppliers, and associates are our highest priority. We are working closely with them to minimize disruption as much as possible.”
The full scope and impact of the breach remain unclear. However, shares of UNFI, a $1.5 billion company, dropped by at least 8.6% at the time of publishing, and social media users have begun reporting disruptions.
“Came in at 5 a.m. today and was told there will be no UNFI truck today due to issues on their end,” a Reddit user shared on r/wholefoods.
A user claiming to be a UNFI employee added in the same thread: “We literally cannot do anything network-related. At a complete standstill. This is catastrophic to the business.”
The UNFI breach adds to a growing list of cybersecurity concerns, particularly in the retail sector. U.K. retailers have recently faced a wave of cyberattacks, and the chief analyst for Google’s Threat Intelligence Group told NBC News that U.S. companies were already in the crosshairs.
Beyond retail, recent cyber incidents have also hit the social media platform X, the Office of the Comptroller of the Currency (which led major banks to halt sensitive data sharing), and the car rental company Hertz.
Â
