Latest news with #UNFI
Miami Herald
13 hours ago
- Business
- Miami Herald
Cyberattack on grocery supplier reveals fragility of US food supply
Hackers infiltrated one grocery distributor, and within days, there were bare shelves at stores around the country and even some pharmacies unable to fill prescriptions. That's not the beginning of some thriller novel. It's the real events that played out earlier this month as major wholesale distributor UNFI, dealt with a cyberattack. But the moral of the story is already clear: The nation's highly consolidated food supply is in need of stout digital defenses to protect it. 'It pretty much exposes the fragility of our whole grocery system,' said Gregory Esslinger, a distribution expert, brand adviser and former UNFI manager. 'It's a national security issue, honestly.' Based in Providence, Rhode Island, UNFI has about $31 billion in revenue and supplies 30,000 stores nationwide. 'It's been years, but they're still gradually integrating the SuperValu systems,' Esslinger said of UNFI. 'When you integrate systems, you potentially open doors to issues like this.' While operations at the country's largest publicly traded grocery wholesaler have edged back to normal after UNFI detected the attack June 5 and shut down its ordering systems, preventing and better responding to the next hack will be the greater test. 'If it happens again, that would be the end of them,' Esslinger said. 'The confidence would be shattered.' Having a handful of big suppliers like UNFI distribute the majority of the nation's groceries can help keep the price of food down, but it carries enormous risk when something goes wrong. Every part of the supply chain should take note of what happened and revisit their security plans, experts said. 'If you're in the industry, this is a great opportunity to take this to the board, ask for the budget, ask for what you need to mitigate the risks,' said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. 'You know the phrase, 'Don't let a good crisis go to waste.' I hate to say that, but you can take incidents like this and quantify it.' Steinhauer and others believe the attack on UNFI was likely ransomware. Typically, that means a hacker has been able to access and lock up key systems, promising to free them only after the target pays a ransom. 'It does have all the telltale signs of a ransomware attack because the apparent effects are so widespread,' said Adam Marrè, the chief information security officer at the Minnesota-based cybersecurity firm Arctic Wolf. But the company has released few details. UNFI on Wednesday declined to answer questions about the nature of the attack 'as the investigation is ongoing.' 'We've made significant progress toward safely restoring our electronic ordering systems,' the company said in a statement. UNFI distribution centers are again taking orders and making deliveries as of Sunday. Beyond the threat of Americans being unable to access food, attacks like these are also devastating to the company. Every moment of downtime in the logistics business is financially costly. Guggenheim analysts took down their quarterly sales estimate for UNFI by $250 million, a projected 3% hit to the wholesaler's top line. UBS analyst Mark Carden wrote the impact could last much longer. 'We do see some risk to customer retention,' Carden wrote. 'We expect disruption to UNFI's (revenue) to persist over the next few quarters.' It's that kind of damage that makes grocery distributors and other key links in the supply chain such attractive victims for hackers. 'Ransomware actors target industries more likely to pay than not pay,' Marrè said. 'It appears they chose not to pay the ransom, which we recommend and so does law enforcement, but we also understand the business and life-saving realities surrounding that decision.' The UNFI attack follows other critical infrastructure hacks like the Colonial Pipeline in 2021. Any other companies those spooked should take precautions and practice response plans, Marrè said. 'Prevention is great,' he said. 'But at the end of the day, the ability to detect and respond to an incident is a must. There needs to be backup plans and alternates in your supply chain.' Esslinger said a number of factors might have contributed to the UNFI cyberattack and resulting shutdown, which stalled deliveries and, in some warehouses, saw employees taking orders on pen and paper. 'It's some lack of foresight or planning,' he said. 'The other train of thought is they recently laid off a number of people and outsourced some roles. Did that open the door?' 'UNFI regularly evaluates and adopts new tools and technologies as appropriate to strengthen our information security program to address evolving threats,' the company said in a statement, 'and we are continually taking steps to further enhance the security of our systems.' Copyright (C) 2025, Tribune Content Agency, LLC. Portions copyrighted by the respective providers.
Miami Herald
3 days ago
- Business
- Miami Herald
Bernie Sanders urges UNFI to negotiate a ‘fair contract' with Cub Foods workers
Dive Brief: Sen. Bernie Sanders has called on United Natural Foods, Inc. as well as two grocery operators to "negotiate in good faith to sign a fair contract" with employees affiliated with United Food and Commercial Workers Local Union 663 after they voted to reject the grocers' contract offers in May. Along with UNFI, the Vermont Democrat senator sent letters to Minneapolis-area grocery operators The Haug's Companies, which runs two supermarkets under UNFI's Cub Foods franchise, and Knowlan's Festival said in an emailed statement it takes Sanders' comments "very seriously" and is in touch with his staff about the ongoing negotiations. Dive Insight: UFCW Local 663 workers at these Minneapolis grocery banners have been working without a contract since March, Sanders wrote in separate letters to the three grocery operators, noting in his letter to UNFI President and CEO of Retail Andre Persaud that this is "absolutely unacceptable." Unionized workers at UNFI/Cubs Foods, Haug's Cub Foods and Knowlan's Festival voted in May to reject contract offers from the grocery companies. That month, the union representing the workers filed unfair labor practice charges that claimed UNFI/Cub Foods failed to bargain in good faith and alleged additional violations of the National Labor Relations Board by Haug's and Knowlan's Festival. According to UFCW Local 663, the contract rejected by workers would have imposed additional healthcare costs on workers, failed to provide livable raises and sought concessions from the unions. UFCW Local 663 represents more than 2,300 workers across 33 UNFI Cub Foods locations, according to the senator's letter to Persaud. "I have personally heard from these workers, who have expressed serious concerns about your company's demands for healthcare concessions and your insistence that workers drop current unfair labor practice charges and grievances – including what I understand to be approximately $2 million in sick time class action grievances alone," Sanders said in the letter to Persaud. He continued: "These unlawful tactics, including refusing to negotiate, threatening workers, and surveilling employees over their union activity, are unacceptable and have prompted the filing of multiple unfair labor practice charges." UNFI said in its emailed statement that it has been negotiating in good faith with UFCW Local 663. "As part of the negotiations, we've offered strong wage increases, continued market leading union health care and significant increases in our contributions to the union's pension plan to help address underfunding and protect the benefits of all participants. It is our strong hope that the union will choose to meet with us to continue negotiations toward a new contract," UNFI said in a statement. The company added that almost 80% of Cub Foods' workforce is unionized. UFCW Local 663 said last month that the companies' conduct "has set the union on a path to potential strikes," which could involve as many as 2,800 workers at 38 stores throughout the Minneapolis area. The threat of a strike is the latest challenge facing UNFI. Early this month, the grocery supplier suffered a cyberattack and is currently relying on manual procedures to receive and fulfill orders from customers after having to entirely shut down its online platform on June 6. Last week, UNFI disclosed that it is mutually ending its relationship with supermarket cooperative Key Food, which includes a $53 million contract termination fee for UNFI. Copyright 2025 Industry Dive. All rights reserved.
TechCrunch
3 days ago
- Business
- TechCrunch
As grocery shortages persist, UNFI says it's recovering from cyberattack
Food distribution giant United Natural Foods (UNFI) said it is making 'significant progress' in recovering from a cyberattack that occurred almost two weeks ago, as grocery stores across North America reliant on the distributor continue to report food shortages. UNFI said in an update on Sunday that it was restoring its electronic ordering systems, which its customers use to place orders for their grocery stores and supermarkets. The company, which provides more than 30,000 stores across the United States and Canada with fresh produce and other products, was hit by a cyberattack on June 5, which the company disclosed several days later. UNFI has not yet described the nature of the cyberattack, though it told investors last week that it had shut down its entire network to contain the incident. The ongoing outage is preventing the company from fulfilling and distributing customer orders at scale. One of the largest grocers affected is Whole Foods, which relies on UNFI as its 'primary distributor.' Several Whole Foods stores, including one visited by TechCrunch last week and others in the New York area, are experiencing shelf shortages amid the UNFI outages. One employee at a Whole Foods in California told TechCrunch about the supply issues at their store, saying they had not seen some products for days. Whole Foods previously told TechCrunch that it was working to restore its shelves 'as quickly as possible,' but did not say when shipments would return to normal. People working at local grocery stores and big-chain supermarkets alike have told TechCrunch that they continue to experience disruption of varying degrees. Some said that other distributors are providing some supplies, while others are still reporting issues with ordering products from UNFI. The outages are also affecting grocery stores run by the U.S. Defense Department for active duty personnel and retired veterans. One employee at a grocery store run by the Defense Commissary Agency said they were seeing empty shelves and delayed shipments. Kevin Robinson, a spokesperson for the Defense Commissary Agency, confirmed the UNFI cyberattack was affecting dozens of the agency's stores. 'This incident has affected deliveries across multiple grocery chains, including 53 Defense Commissary Agency (DeCA) stores,' said Robinson. 'The DeCA supply chain team has worked closely with UNFI to implement manual workarounds that have effectively minimized in-store disruptions.' UNFI has not yet provided a timeline for recovery. Do you know more about the cyberattack at UNFI? Are you a corporate customer affected by the disruption? You can securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal First published on June 16, and updated June 17 with an update from the U.S. Defense Department.
Miami Herald
4 days ago
- Business
- Miami Herald
How the cyberattack against UNFI affected four independent grocers
United Natural Foods, Inc. is continuing to rely on manual procedures to receive and fulfill orders from customers as it works to recover from a cyberattack that compelled the grocery wholesaler to entirely shut down its online platform on June 6, a UNFI spokesperson said Monday. UNFI has not indicated when it expects to resume processing orders online, but said in a statement posted on its website on Sunday that it has "made significant progress toward safely restoring our electronic ordering systems, which will allow us to serve the customers that order through these systems in a more automated way and continue to increase our operational capacity." Gilpin Matthews, co-owner of Darlings Grocery, a natural foods retailer in La Pointe, Wisconsin, that relies on UNFI for about two-thirds of the products it sells, said he realized something was wrong when he put in his order on June 8 but did not receive confirmation from the distributor. To help keep his store's shelves stocked in the absence of the UNFI delivery he normally receives, Matthews turned to Minnesota-based grocery wholesaler Mason Brothers, which supplies Darlings with conventional products such as canned goods. But that meant Darlings was unable last week to provide shoppers with the full range of organic products it ordinarily sells, because Mason Brothers doesn't offer as large a selection of those goods as UNFI, Matthews said. Matthews also turned to foodservice company Sysco, which supplies products for a restaurant he owns, to obtain conventional produce. "Empty shelves don't look good, and if people go in and they can't get the things that they need … they're going to go somewhere else," Matthews said. "We were just scrambling, because we had no notice." Occupying a former convenience store space, Darlings has limited cold storage space, so it is especially dependent on regular deliveries, Matthews added. He noted that determining what quantity of goods to order from alternative suppliers poses a particular challenge, because the natural foods store will likely not be able to sell conventional products it brings in and substitutes once its regular orders from UNFI resume. Orcas Food Co-op also turned to third-party suppliers after its regular delivery from UNFI didn't arrive last week, said Learner Limbach, the grocer's chief cooperative officer. The co-op, located in Eastsound, Washington, relies on UNFI for a significant percentage of the goods it sells, but also sources products from dozens of local suppliers. "We're not overly reliant on a single supplier," Limbach said. "This is just a good chance to highlight to our members a lot of the other producers we work with directly." When Charley Family Shop 'n Save in Greensburg, Pennsylvania, found out on June 7 about UNFI's system issues, the grocer quickly reached out to organization including the National Grocers Association, Tom Charley, co-owner of the grocer, said in a video posted on social media last week. That networking helped the grocer connect with MDI, a wholesaler based in North Carolina, Charley said. Partnering with MDI as well as tapping local and fresh suppliers helped the store stay almost fully stocked as the UNFI disruptions continued, Charley added, noting that the store's management team adjusted "on the fly" to these challenges. "It's not like you can just typically find a supplier that can supply all of the grocery, dairy and frozen needs of a grocery store that you've never done business with," Charley said. Eric Siperas, manager of a LaBonne's Markets location in Salisbury, Connecticut, pointed out that grocers benefit by contracting with a primary distributor because they are able to get better pricing by doing so. LaBonne's, which runs four supermarkets that sell mostly conventional products, sources the majority of its groceries from Connecticut-based grocery distributor Bozzuto's, but obtains some natural and gluten-free products from UNFI. LaBonne's can only use alternative suppliers for items that Bozzuto's doesn't offer because of its arrangement with the distributor, Siperas said. Siperas said LaBonne's ran out of some items that it ordinarily gets from UNFI last week because it was unable to submit an order on June 7, but that the disruption did not pose a significant problem for the grocer. He added that he was able to access UNFI's portal on Saturday to place an order for this week. The cyberattack also hurt UNFI's ability to serve stores run by Whole Foods Market, its most visible customer. A Whole Foods spokesperson said last week that the chain was working to restock its stores but referred questions about UNFI's ability to fulfill its orders to the distributor. The UNFI spokesperson said the company was unable to comment on its ability to serve specific customers. UNFI said in an emailed statement on Monday that pharmacies operated by its Cub grocery chain are again able to fill prescriptions following disruptions related to the cyberattack last week. Copyright 2025 Industry Dive. All rights reserved.
TechCrunch
4 days ago
- Business
- TechCrunch
Food distributor UNFI says it's recovering from cyberattack as grocery shortages persist
Food distribution giant United Natural Foods (UNFI) said it is making 'significant progress' in recovering from a cyberattack that occurred almost two weeks ago, as grocery stores across North America reliant on the distributor continue to report food shortages. UNFI said in an update on Sunday that it was restoring its electronic ordering systems, which its customers use to place orders for their grocery stores and supermarkets. The company, which provides more than 30,000 stores across the United States and Canada with fresh produce and other products, was hit by a cyberattack on June 5, which the company disclosed several days later. UNFI has not yet described the nature of the cyberattack, though it told investors last week that it had shut down its entire network to contain the incident. The ongoing outage is preventing the company from fulfilling and distributing customer orders at scale. One of the largest grocers affected is Whole Foods, which relies on UNFI as its 'primary distributor.' Several Whole Foods stores, including one visited by TechCrunch last week and others in the New York area, are experiencing shelf shortages amid the UNFI outages. One employee at a Whole Foods in California told TechCrunch described supply issues at their store, saying they had not seen some products for days. Whole Foods previously told TechCrunch that it was working to restore its shelves 'as quickly as possible,' but did not say when shipments would return to normal. People working at local grocery stores and big-chain supermarkets alike have told TechCrunch that they continue to experience disruption of varying degrees. Some said that other distributors are providing some supplies, while others are still reporting issues with ordering products from UNFI. UNFI has not yet provided a timeline for recovery. Do you know more about the cyberattack at UNFI? Are you a corporate customer affected by the disruption? You can securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal
