Cyberattack leads to Whole Foods shortages

A cyberattack on a primary organic food distributor has led to empty shelves at Whole Foods stores across the country.
The company, Rhode Island-based United Natural Foods Inc. (UNFI), is one of the country's largest organic food distributors and a major partner with Whole Foods. It became aware of a cyberattack on June 5, according to a filing with the Securities and Exchange Commission, and took some of its systems offline, hampering its ability to distribute orders to customers.
A spokesperson for United Natural Foods declined to share specifics about the cyberattack, saying it was an ongoing operation. But it comes in the wake of a series of cyberattacks where a notorious cybercriminal gang has been targeting major retail customers with ransomware, rendering key systems inoperable as hackers demand payment.
A corporate Whole Foods spokesperson apologized for the inconvenience and said the company is working to restock shelves quickly, but declined to answer specific questions.
Two Whole Foods employees, who were not authorized by the company to speak with the press about the incident, told NBC News that the shortages were significant.
'It's affecting operations in a very, very significant way,' an employee at a Sacramento Whole Foods said. 'Shelves don't even have products in some places. The shipments we receive are not what we need, or we did need it but it's too much of one product because UNFI can't communicate with stores to get proper orders.'
A Whole Foods employee in North Carolina said: 'We had to shut down our sandwich station on Tuesday because we didn't get any bread delivered. My store almost ran out of trash bags the other day.'
The UNFI spokesperson said there was not a clear timeline for when distribution would return to normal, but that on Thursday it had begun gradually bringing some systems back online.
John Braley, the director of the Food and Agriculture-Information Sharing and Analysis Center, a nonprofit cybersecurity advisory nonprofit for the food and agriculture industry, said the food supply chain's complexity means that if a company is suddenly hampered by a cyberattack, it can cause trickle-down effects that keep food from reaching customers.
'For a standard, moderately processed food product found in a major supermarket, 10 or more companies can be involved in the supply chain. Even fresh produce — such as an apple sold at a farmers' market — may involve multiple companies, such as the farm itself, local distributor/food hub, and the retailer,' he said in an emailed statement to NBC News.
Beyond Whole Foods, smaller companies have also faced shortages from UNFI being unable to automatically process orders. The Community Food Co-Op in Bellingham, Washington, told customers on Facebook Monday that, as UNFI is its primary distributor, 'you'll see sparsely stocked shelves in some of our aisles' and asked customers to limit purchases to two of each item.
Caitlin Smith, a logistics coordinator at C.R. England, a trucking and logistics company, told NBC News that the UNFI outage has left her company unable to deliver refrigerated foods to a dairy processing customer.
'I have three drivers sitting stuck because of this whole UNFI debacle,' she said.
The costs from the cyberattack will end up being passed onto the consumer, she said. 'At the end of the day, you and I as customers will end up paying for this. So it does have a domino effect.'
Ransomware attacks are common. But a particularly vicious campaign has hit major retailers in recent months. At least three major British retailers were hit earlier this year, including Marks & Spencer, which had to pause online orders for weeks; the Co-op, which saw hackers leak significant customer data to the BBC; and Harrods, which had to restrict some internet access at stores.
Google said last month that those attacks overlap with a loosely affiliated group the cybersecurity industry has dubbed 'Scattered Spider,' largely English-speaking young men who have mastered the ability to trick people into giving them restricted online access. The same group was accused of breaking into Las Vegas casino companies in 2023. It has begun targeting major American retailers in earnest, Google said.
Victoria's Secret was also the victim of a cyberattack in May, though it's not clear if the same group was responsible.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Wales Online

9 hours ago

• Wales Online

ATOL protection - what to do if your travel company goes bust

ATOL protection - what to do if your travel company goes bust There are various measures in place to protect consumers Things can go wrong (Image: Liam McBurney/PA ) Berkshire-based travel company Great Little Escapes collapsed earlier this week, leaving thousands of holidaymakers in limbo. When a travel company goes bust, suddenly people who were looking forward to their escape abroad are left facing a confusing and stressful situation. When booking a holiday, the last thing on your mind is the possibility that your airline, hotel, or cruise company could collapse. Unfortunately, it happens - and when it does, the result can be both stressful and expensive. This is where end supplier failure comes into play. ‌ What happens when a travel company goes bust - end supplier failure Chris Payne, compliance expert at Total Travel Protection, explained: 'End supplier failure refers to the insolvency or financial collapse of a travel service provider - such as an airline, hotel, ferry operator, car hire company, or cruise line - that was supposed to deliver a part of your travel plans. If they cease trading, you may be left without the service you paid for." ‌ What to do if your travel firm goes bust The first thing you should do is check if you booked a package holiday - known as ATOL Protected. If you booked a package holiday through a UK travel company and received an ATOL certificate, you're in luck. The ATOL scheme, run by the Civil Aviation Authority, protects you if the travel company or one of its suppliers goes bust. Did it happen before travel? You should get a refund. Already abroad? ATOL will arrange for you to return home. ATOL only applies to air travel packages sold in the UK. Article continues below Did you pay by credit card? Under Section 75 of the Consumer Credit Act 1974, if you paid £100–£30,000 using a UK credit card, the card provider is jointly liable for the failure of the supplier - even if you booked through an intermediary. You can claim a full refund from your card issuer if the service isn't provided due to insolvency. Look for ABTA protection. If you booked land- or sea-based travel (e.g., coach tours, cruises, rail), and the company is an ABTA member, you may be entitled to refunds or alternative arrangements under their protection scheme. ABTA does not cover flight-only bookings. Contact the insolvency practitioner. In cases where ATOL, ABTA, or the Consumer Credit Act doesn't apply, you can contact the administrator or liquidator handling the collapsed supplier's insolvency. They may be organising limited refunds or arrangements. Article continues below What if you're already abroad? Chris said: 'If your end supplier fails while you're away, you should reach out to ATOL or ABTA if applicable. Contact the UK consulate or embassy if you're stranded with no support.' More help and advice can be found at:

South Wales Argus

11 hours ago

• South Wales Argus

Expanding Horizons acquires three South Wales care homes

Cwmbran-based Expanding Horizons secured the homes following its takeover of Enable Care Services (South Wales) Ltd. The acquisition was funded by a £3.25 million investment from NatWest. Ellis Jenkins, director at Expanding Horizons, said: "At Expanding Horizons, we care deeply about the quality of care our service users receive. "We seek to not only support individuals but empower them to be the best versions of themselves. "The fact that so many people in Wales are living with disabilities and severe mental illness underscores the critical need for tailored support which helps them gain or rebuild their independence. "Residents of South Wales deserve the highest quality of care, and we are thrilled to announce the acquisition of Enable Care Services as we continue to grow and expand our network. "NatWest has been exceptional throughout the process, demonstrating a deep understanding of our industry and our goals and we are incredibly grateful for their support." The deal includes two care homes in Cwmbran and one in Argoed. Expanding Horizons provides personalised support for people with learning disabilities and severe mental illnesses. The company marks its 20th anniversary this year. Part of the funding will go towards the acquisition, while the remainder will support refinancing and infrastructure improvements to ensure regulatory compliance. The expansion is aimed at meeting the rising demand for residential and supported living services across South Wales. According to Public Health Network Cymru, around 900,000 people in Wales live with a disability. This represents 27 per cent of the population, compared to the UK average of 22 per cent. Neil Williams, senior relationship manager at NatWest, said: "The work that Expanding Horizons does is absolutely invaluable to its service users and is the exact sort of community benefit that we look to support at NatWest. "We look forward to continuing our partnership and are excited to witness Expanding Horizon's continued growth and evolution." Expanding Horizons said the acquisition will improve its ability to deliver high-quality care across the region. The company currently operates a portfolio of care homes and supported living services in South Wales.

NBC News

11 hours ago

• NBC News

Minnesota lobbyist arrested after allegedly sending threatening texts

A longtime Minnesota lobbyist was charged Friday after allegedly making violent threats 'with the purpose to terrorize another' person, according to court documents. Jonathan M. Bohn, 41, is believed to have committed 'threats of violence — reckless disregard' after sending a series of threatening text messages. The charge, a felony, carries a maximum penalty of up to a five-year prison sentence or a $10,000 fine or both. While the court document, filed in the First Judicial District of Carver County, does not include the name of the person Bohn, a lobbyist for 20 years, reportedly sent the texts to, it does include samples of several texts threatening in nature. In one message, Bohn allegedly wrote in part, '... Today I bought 500 bullets. I can't wait to shoot one of you motherf—--- in the face.' In another message he wrote, 'Excited to have my gun at the Capitol and blow somebody's f—--- face off.' On Friday, a judge in Chaska, Minn., set Bohn's bail at $1 million and ordered that he have no contact with the person he made the threatening comments to. The judge also ordered that Bohn must stay a half-mile away from the Capitol complex. It is believed that Bohn's sent the flurry of threatening texts on Wednesday. Court documents suggest he was allegedly spurred on after seeing a friend post an image of President Donald Trump as a king. It appears the friend changed the image ahead of the June 14 ' No Kings Day ' march, a protest against Trump, according to NBC News affiliate KARE 11. Earlier on June 14, Minnesota Rep. Melissa Hortman, the former state House speaker, and her husband, Mark Hortman, were shot and killed in their homes. State Sen. John Hoffman and his wife, Yvette, were also shot in their homes. John Hoffman, who was shot nine times, is in critical but stable condition. Despite Bohn's series of erratic text messages, the person who received them did not respond to Bohn, according to court documents. During a search of Bohn's home, police found a gun but no ammunition. As he sat in court on Friday, Bohn wept through the proceedings. He later released a statement from jail. 'Earlier this week, I was grieving the horrific acts of violence committed against my friends and colleagues,' he said. 'In the midst of this immense grief, I sent a series of heated and emotional texts to a friend of nearly thirteen years — someone with whom I've shared countless candid and passionate political conversations. In that moment of anguish, I used language that I deeply regret. The words were spoken from pain, not from intent. I am a hurting person, not a violent one.' He went on to say that he is not a violent person. 'I am profoundly sorry that my words have created a distraction during this time of collective mourning. This moment demands unity, compassion, and reflection — and I am committed to being part of that healing.' As his case moves through the court system, Bohn is on administrative leave from Inter Faculty Organization (IFO), which represents the needs of seven Minnesota state universities. 'We are monitoring developments closely, cooperating as needed with law enforcement and will continue to keep our members informed.' said IFO president Jenna Chernega in a statement to KARE 11. Bohn's next court date is Aug. 27.