UNFI Reports Cyberattack, Cites Delays in Order Fulfillment

PROVIDENCE, R.I., June 11, 2025 — United Natural Foods Inc. is working to bring systems back online after a cyberattack last week that continues to disrupt its operations and ripple through the U.S. grocery supply chain, the company said Tuesday.

The grocery distribution giant, which is the primary supplier for Amazon-owned Whole Foods, acknowledged the breach during its third-quarter earnings report. The company confirmed unauthorized access to its IT infrastructure on Monday and said it has since shut down its entire network.

UNFI chief executive Sandy Douglas said in prepared remarks that the company is "diligently managing through the cyber incident" and is assisting customers with short-term solutions where possible.

“We are continuing to safely bring our systems back online and restore broad-based customer service as soon as possible,” Sandy told investors during a post-results conference call.

The company, which distributes more than 250,000 grocery items including frozen goods, has not disclosed the nature or origin of the cyberattack. However, it said the intrusion is causing ongoing operational disruptions, including delays in order fulfillment and distribution.

Sandy confirmed that shipments are currently moving on a limited basis. A customer, speaking to TechCrunch, said that while trialing a new product in Whole Foods stores this week, a significant portion of their supply had not arrived. The customer also reported receiving no updates from either UNFI or Whole Foods regarding the delays.

Reports of empty or understocked shelves have surfaced, though it remains unclear whether these are directly attributable to the cyberattack or broader supply chain challenges.

Whole Foods has not responded to a request for comment from TechCrunch. Reuters, however, cited a Whole Foods spokesperson who said the retailer is “working to restock our shelves as quickly as possible,” while referring further inquiries to UNFI.

UNFI has not commented on its cybersecurity investment levels or who is responsible for oversight. A company spokesperson did not respond to a request for comment on Tuesday.

According to TechCrunch, many of UNFI’s external systems, including those used by suppliers and customers, as well as its VPN, remain offline.

The company reported $8.1 billion in net sales for the quarter ending May 3. While UNFI anticipates a net income and earnings per share loss in its fiscal 2025 outlook following the termination of a major contract in the U.S. Northeast, it said no changes to its guidance will be made until the cyberattack is fully assessed.

We are continuing to safely bring our systems back online and restore broad-based customer service as soon as possible.