Major food wholesaler United Natural Foods (UNFI) announced Monday that it experienced “unauthorized activity” on its IT systems, prompting the company to take some services offline while an investigation is underway.
As a leading food distributor, UNFI is the primary supplier to Whole Foods Market, an Amazon subsidiary. Last year the two companies extended their partnership through 2032. A Whole Foods spokesperson says the company is “working to restock our shelves as quickly as possible and apologizes for any inconvenience this may have caused for customers.”
According to a Securities and Exchange Commission report, UNFI became aware of the cyberattack last Thursday and immediately implemented containment measures.
“As soon as we discovered the activity, an investigation was initiated with the help of leading forensics experts, and we have notified law enforcement,” a company spokesperson tells Fast Company. “We are assessing the unauthorized activity and working to restore our systems to safely bring them back online. As we work through this issue, our customers, suppliers, and associates are our highest priority. We are working closely with them to minimize disruption as much as possible.”
The full scope and impact of the breach remain unclear. However, shares of UNFI, a $1.5 billion company, dropped by at least 8.6% at the time of publishing, and social media users have begun reporting disruptions.
“Came in at 5 a.m. today and was told there will be no UNFI truck today due to issues on their end,” a Reddit user shared on r/wholefoods.
A user claiming to be a UNFI employee added in the same thread: “We literally cannot do anything network-related. At a complete standstill. This is catastrophic to the business.”
The UNFI breach adds to a growing list of cybersecurity concerns, particularly in the retail sector. U.K. retailers have recently faced a wave of cyberattacks, and the chief analyst for Google’s Threat Intelligence Group told NBC News that U.S. companies were already in the crosshairs.
Beyond retail, recent cyber incidents have also hit the social media platform X, the Office of the Comptroller of the Currency (which led major banks to halt sensitive data sharing), and the car rental company Hertz.
Login to add comment
Other posts in this group

Grab is a rideshare service-turned superapp, not available in the U.S. but rapidly growing in Southeast Asia. It’s even outmaneuvered global players like Uber to reach a valuation north of $20 bil

A quarter-century ago, David Saylor shepherded the epic Harry Potter fantasy series onto U.S. bookshelves. As creative director of

There’s no other phone I’d rather be using right now than Samsung’s Galaxy Z Fold7—and that’s a problem.
I’ve been a foldable phone appreciator for a while now, and a couple of years ago


One of the most powerful buttons on your phone is also one of the easiest to ignore.
I’m referring to the humble “Share” button, a mainstay of both iOS and Android that unloc


Artificial intelligence company Anthropic said on Tuesday it is now valued at $183 bill