A large North American grocery wholesale distributor, United Natural Foods Inc. (UNFI), disclosed that it is grappling with the aftermath of a cyberattack that has disrupted portions of its operations and triggered coordinated incident response and containment efforts. While UNFI did not provide specific details regarding the nature of the cyberattack or the threat actor involved, the company confirmed that the intrusion had a material impact on its operations.
The company disclosed the incident in a Form 8-K filing submitted to the U.S. Securities and Exchange Commission (SEC) on Monday, stating that it “became aware of unauthorized activity on certain of its Information Technology (IT) systems. The Company promptly activated its incident response plan and implemented containment measures, including proactively taking certain systems offline, which has temporarily impacted the Company’s ability to fulfill and distribute customer orders.”
UNFI also informed stakeholders that the incident has caused, and is expected to continue to cause, temporary disruptions to the company’s business operations. The company has not revealed whether the attackers stole any data from the company’s network.
“The Company is working actively to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals and has notified law enforcement,” it added.
Under its business continuity plans, UNFI has implemented workarounds for certain operations to continue servicing its customers where possible. It continues to work to restore its systems to safely bring them back online.
“The investigation to assess the impact and scope of the incident remains ongoing and is in its early stages,” UNFI added.
The Providence, Rhode Island–based natural and organic food company UNFI is a publicly traded wholesale distributor of health and specialty food in the U.S. and Canada. It is Whole Foods Market’s main supplier, with its traffic making up over a third of its revenue in 2018.
The SEC disclosure follows widespread reports on social media since Thursday that the company’s systems were down and employees were having their shifts canceled. Additionally, no ransomware operations have claimed responsibility for the breach.
The attack occurs amid heightened scrutiny of supply chain resilience and digital infrastructure, particularly in critical food distribution sectors. The UNFI breach is part of a rising trend of cyber intrusions targeting the food and agriculture sector, now a prime target for financially motivated cybercriminals and ransomware operators.
Last week, the Food and Ag-ISAC updated its Cybersecurity Guide for Small and Medium-Sized Enterprises, incorporating findings from the latest Food and Ag Cyber Threat Report. The guide revises previous recommendations and introduces new, practical steps to help businesses improve their cyber defenses. The twelve security practices recognize that organizations are not fully immune to cyber threats, but many of the practices outlined can meaningfully reduce risk, oftentimes at little to no cost. Small, affordable adjustments to cybersecurity protocols can make a significant difference in preventing incidents.
Recent findings from Honeywell highlight a significant and increasing threat of ransomware attacks targeting industrial operators and manufacturers. In the first quarter of 2025, ransomware incidents surged by 46 percent, with the Cl0p ransomware group identified as the most active threat. During this period, the Honeywell 2025 Cyber Threat Report recorded 2,472 new ransomware victims, adding to the 6,130 incidents reported in 2024. The operational technology (OT) layer continues to be a major target. Out of the 55 cybersecurity incidents reported by companies using the SEC Form 8-K in 2024, over half, about 30 cases, were direct attacks on OT systems.
