Latest news with #UnitedNaturalFoods
Forbes
11 hours ago
- Business
- Forbes
Cyberattack On Whole Foods Supplier Disrupts Supply Chain Again
SAN RAFAEL, CALIFORNIA - JUNE 11: A shelf is seen bare in the frozen foods section of a Whole Foods ... More store on June 11, 2025 in San Rafael, California. United Natural Foods, the primary food distributor to Whole Foods, has paused deliveries to Whole Foods stores after a cyberattack crippled its system. Some Whole Foods stores are experiencing empty shelves and freezers. (Photo by) On June 5, 2025, a cyberattack forced United Natural Foods Inc., the primary distributor for Whole Foods Market, to shut down its systems and halt deliveries to more than 30,000 grocery stores across North America. Nearly two weeks later, the company is still operating on a limited basis, relying on workarounds and manual processes. This was not a minor glitch but a direct hit to the digital backbone of the food supply chain. Grocery stores were deemed essential infrastructure during the COVID-19 pandemic, with workers hailed as frontline heroes. Now, in 2025, the breach at UNFI raises a chilling question: what a biological virus could not shut down, could a cyberattack succeed in crippling? If malicious actors can freeze the software that moves food, they can empty shelves, disrupt lives and trigger cascading economic impacts. 'Food security is national security,' one lawmaker warned earlier this year. Congress appears to agree and has introduced the bipartisan Farm and Food Cybersecurity Act of 2025. What happened, and what could have been done to stop it? Whole Foods Market locations across the U.S. experienced product shortages after a cyberattack on ... More its primary distributor, United Natural Foods Inc., disrupted supply chains in June 2025. UNFI, based in Providence, Rhode Island, is North America's largest publicly traded wholesale grocery distributor. The company operates more than 50 distribution centers and supplies approximately 30,000 locations, including supermarkets, independent grocers and food service providers. On June 5, the company detected unauthorized activity on its systems and immediately activated its incident response plan. As a precaution, it took portions of its network offline, which disrupted order processing, fulfillment and shipment capabilities. Law enforcement and external cybersecurity experts were called in to assist with the investigation. The outage was swift and severe. Automated systems for ordering and inventory went dark, forcing cancellations of employee shifts and a return to manual processes. Business operations were impacted across the board, resulting in significant delivery delays. UNFI did not publicly disclose the breach until June 9, when it filed an 8-K with the Securities and Exchange Commission. The company warned that disruptions would continue and outlined its reliance on manual workarounds to maintain critical grocery shipments while digital systems remained down. The downstream impact on retailers was immediate. Whole Foods Market, which depends heavily on UNFI, saw noticeable shortages in key categories. Refrigerated and perishable sections in many stores went empty. Store employees posted apology signs for out-of-stock items and explained delays. Customers posted photos of empty shelves across multiple locations. Independent grocers and regional chains also reported missed or delayed shipments. Many scrambled to find backup suppliers. Some succeeded, but others simply ran out of stock, leaving consumers with fewer options. Even the United States military's Defense Commissary Agency was affected. Fifty-three commissary stores reported delays. While some mitigated the issue with manual ordering, many still faced inventory shortfalls. A single breach had turned into a national supply chain shock. With just-in-time inventory models and limited buffers, grocers were vulnerable to even short-term digital outages. The result was fewer choices for shoppers and deeper concerns for the industry. As of mid-June, UNFI has not confirmed the source or type of cyberattack. The company has avoided calling it ransomware, and no group has claimed responsibility. Still, experts widely agree that the attack shares several characteristics typical of ransomware events, including a full system shutdown, containment procedures and prolonged disruption. While unproven, the consensus is that ransomware is the most likely explanation, especially given the sharp rise in attacks against the food and retail sectors. In similar cases, attackers have encrypted systems and demanded payment in exchange for restored access. On a June 10 earnings call, UNFI Chief Executive Officer Sandy Douglas said only that the company was managing through the incident and focused on safe restoration. The company has shared few details. It remains unclear whether any data was stolen or whether negotiations are ongoing. The lack of attribution could indicate behind-the-scenes engagement with law enforcement, which is common in complex ransomware cases. Until the investigation is complete, the grocery sector remains on high alert. The breach underscores just how vulnerable essential supply chains have become. The attack on UNFI is part of a broader trend of attacks on the food supply chain. Recent high-profile incidents include: Cybercriminals have proven they can cause real-world consequences across the food sector. 'The cyberattack on United Natural Foods is not an isolated incident but part of a growing trend,' said Jeff Wichman, incident response director at Semperis. The risk is no longer hypothetical. The attack has sparked urgent conversations throughout the grocery industry. Key priorities include: Cybersecurity is no longer optional. Food supply chains are essential and increasingly targeted. Resilience must be a top priority across every tier of the industry. By mid-June, UNFI had resumed shipments from most distribution centers and made progress restoring systems. Still, many operations rely on manual processes, and product shortages persist in some regions. The impact is ongoing and visible. This breach should serve as a turning point. Whole Foods and other retailers must invest in both digital defenses and supply chain resilience. Distributors must act with urgency. In the business of feeding families, downtime is unacceptable. The next attack could hit harder and spread faster. The time to prepare is now.
Forbes
a day ago
- Business
- Forbes
Stockouts And Loyalty: Lessons From Whole Foods' Empty Shelves
Some shelves at a Whole Foods in New York City sit emptier on June 10, 2025. (AP Photo/Wyatte ... More Grantham-Philips) Whole Foods has made progress in recent years shedding its elite image as 'Whole Paycheck.' But the specialty grocer is now facing a more down-to-earth problem: empty shelves. And that's not great for customer experience. A cyberattack on June 5 crippled United Natural Foods (UNFI), the $30 billion grocery wholesaler that is Whole Foods Market's largest supplier. UNFI took some of its systems offline – and acknowledged in a filing that day with the Securities and Exchange Commission that the incident had 'temporarily impacted the Company's ability to fulfill and distribute customer orders.' A June 10 photo distributed by The Associated Press (above) showed partially empty shelves at a New York City Whole Foods, five days after the attack. That left some Whole Foods customers unable to find sought-after items such as Sasanian Imperial Osetra Caviar or Nielsen-Massey Madagascar Bourbon Vanilla Extract. Customers expect consistency in every interaction with a brand but perhaps above all in inventory. They want what they want when they want it – and if they don't get it, they will find another retailer who has it. Research shows that millions of consumers are switching brands, a trend driven by cultural shifts that were heightened by the COVID-19 pandemic. The immediate customer experience impact of stockouts extends far beyond a single missed purchase. In the short term, this translates to immediate revenue loss as customers pivot to competitors, often discovering alternatives they might prefer. More damaging is the long-term erosion of trust: repeated out-of-stock experiences can result in order cancellations and returns, increased customer service costs, and brand or reputational risk. According to a study at Walden University, 'repeated stockout experiences decreased customers' loyalty to brand and retailer and caused customers to abandon both.' In short, retailers need to avoid being viewed as unreliable. Even though the shelf shortfalls were not the fault of Whole Foods, the chain can take some steps to at least mitigate the damage. The key is communication, more of it not less. In times of crisis, it's hard to overcommunicate as long as what you are saying has some utility. Customers want information that directly affects them and their families, and all communications should be written from that perspective. Instead, companies often write from their own perspective, talking about all of the things 'we' are doing instead of focusing on how it benefits 'you' the customer. Whole Foods landed somewhere in the middle. One sign spotted in a New York City Whole Foods affixed to semi-empty shelves read: 'We are experiencing a temporary out of stock issue for some products. We apologize for the inconvenience and should have your favorite products back in stock soon.' It explains the problem, at least in general terms – and includes an apology. Even better would have been to: The issue emerged when UNFI 'became aware of unauthorized activity on certain of its Information Technology (IT) systems,' according to the SEC filing. The company responded by activating its incident response plan and implementing 'containment measures,' the filing said. One such measure was proactively taking some systems offline, which caused what UNFI called 'temporary disruptions to the Company's business operations.' Nearly a week later, that meant Whole Foods and some other U.S. grocers who are UNFI customers were only being supplied 'on a limited basis.' UNFI officials told investors on an earnings call that they were working with the FBI to determine the source of the intrusion and why their defenses failed, but little additional information has emerged about the attack. 'We just got penetrated,' CEO Sandy Douglas said. The incident was one of a growing number of cyberattacks affecting retailers and their customers. Victoria's Secret, for example, was forced to take down its U.S. website in late May after what it called a 'security incident' that also left some in-store services unavailable. The retailer later said the incident involved its information technology systems and that the website shutdown was a precaution. Victoria's Secret displayed this message on its home page on May 29, 2025. And in Britain, several recent cyberattacks have taken down retail websites and led to empty shelves in at least one grocery chain. The issues affecting Whole Foods reinforce two truisms about customer experience: the importance of supply chains and the lack of control facing companies. Global supply chains have a major impact on customer experience, as shown once again by Whole Foods paying the price, so to speak, for problems affecting its supplier. Since at least the 1990s, customers have wanted their favorite products faster and faster, and the supply chain disruptions of COVID heightened that trend. Customers tend to not care what's happening in the background – a shipping problem, a delivery problem, containers stuck in ports – they just want the product, fast. And they tend to blame the company if they don't get it. Which illustrates that sometimes there are elements of customer experience that companies just cannot control. Yet even if the issue is not their fault, it's still their problem, as Whole Foods quickly learned. What can companies do? A few things: Even during major crises, customer experience is still the one true competitive advantage. The Whole Foods situation demonstrates that while companies cannot control every element of their supply chain, they can control their response. And that starts with being prepared. Retailers that emerge stronger from stockout situations are those that view these challenges not as isolated operational issues, but as defining moments that reveal their culture of customer-centricity. Inventory issues are inevitable, so the quality of communication, the creativity of solutions, and the speed of recovery become critical components to the long-term customer experience. Customers will forgive single negative experiences, but it's how a company responds that will stick with them and determine their loyalty going forward.
Axios
3 days ago
- Business
- Axios
Cyberattacks hit retailers at the worst time
Cyberattacks are the latest crisis for U.S. retailers as they continue to weather tariff uncertainties and labor strife. Why it matters: Consumers are already feeling the squeeze from high prices and patchy inventory. And now, cyberattacks are adding yet another cost driver — both operationally and optically — for businesses trying to stay afloat. Driving the news: United Natural Foods, a major U.S. grocery supplier, has been battling an apparent cyberattack since June 6. The incident led to product shortages at Whole Foods and other grocery stores across the country. In a statement on Sunday, the company said it "made significant progress toward safely restoring our electronic ordering systems," allowing it to start receiving and delivering products to grocery store customers again. State of play: The breach is the latest in a string of cyber incidents hitting American retailers. In recent weeks, Victoria's Secret, North Face, and Cartier were each targeted in separate cyberattacks. Victoria's Secret had to shut down its online store for a full day. Google had warned last month that Scattered Spider — a group of teen hackers in the U.S. and U.K. with no clear links to any nation-state — had its sights set on American retailers after a similar spree in the U.K. None of the affected retailers have disclosed who may be responsible. The big picture: Retailers are navigating a perfect storm of economic and logistical headwinds. Trade policy uncertainty, particularly around tariffs, is forcing tough choices around pricing and supply chains. Meanwhile, labor tensions are escalating. Roughly 60,000 Kroger and Albertsons workers have voted to authorize strikes in multiple cities. Zoom in: A week into the United Natural Foods incident, some Whole Foods shelves remain bare. At a Bay Area Whole Foods on Thursday evening, there were signs on its shelves and refrigerators saying, "We are experiencing a temporary out of stock issue for some products." Paper towels, fresh juice, kombucha, olive oil and rice were among the missing items. Whole Foods locations in Minnesota, Arkansas, and North Carolina are facing similar situations, according to news reports. Some United Natural Foods forklift drivers had to revert to pen-and-paper systems to prepare shipments, Bloomberg reported. Threat level: Retailers are increasingly vulnerable to sophisticated and multipronged cyberattacks, from data breaches to extortion schemes to deepfake scams. These attacks often combine social engineering, data theft and ransom demands, with some aimed purely at disrupting operations rather than stealing customer data. In 2024, the average cost of a data breach in the retail sector was $3.48 million, an 18% increase from the year before, according to IBM. That figure covers the costs of the fallout from any cyberattack that resulted in data theft, including system recovery, lost business and customer notification costs. Fraud targeting retailers also doubled last year, fueled by the growing use of AI-generated audio deepfakes, according to recent data from Pindrop. "Right now the retail sector is under acute pressure from a number of actors who are disrupting operations and extorting businesses," John Hultquist, chief analyst at Google Threat Intelligence Group, tells Axios. "If they haven't already, retailers should be taking a hard look at their defenses, especially against social engineering attacks," he adds.
Yahoo
7 days ago
- Business
- Yahoo
Whole Foods' distributor supplying stores on 'limited basis' after cyberattack
Whole Foods and other U.S. grocers are only being partially stocked as a major food distributor continues to grapple with a recent cyber attack, a recent earnings call revealed. North American wholesale distributor United Natural Foods confirmed this week that it was forced to take some of its systems offline after noticing unauthorized activity. At a financial quarter meeting Tuesday, June 10, CEO Sandy Douglas said the wholesale distributor is only supplying customers on a "limited basis" amid the crisis. "We are partnering with customers across the country and across our formats in various short term mode to serve their needs as best as we possibly can," Douglas told investors. "Any way that we can help them meet their needs, we're doing." The company is working with the FBI and other authorities to determine how to resume services and why the technology defenses failed, according to Douglas. "We just got penetrated, so we will be continuing to look at every aspect of our defense, every aspect of how our tools are working, and what may be necessary to bolster it going forward, because it's clearly an area that requires a tremendous amount of focus from companies today," he said. Users on social media have reported shelves being empty at some Whole Foods locations with signs apologizing for the inconvenience and promising to resupply soon. A Whole Foods spokesperson told USA TODAY on Monday, June 9 that the supermarket chain is working to restock its shelves as fast as possible and said it apologizes for any inconveniences. When asked why the company hesitated to inform investors about the cyberattack and system shutdown, Douglas denied there being a delay. Douglas clarified company officials noticed unauthorized activity in its systems on June 5 and investigated whether it was isolated. By the afternoon of June 6, the company made the decision to lock its systems down. On June 9, it filed a Form 8-K with the Securities and Exchange Commission (SEC) to inform shareholders before the market opened. "So there is no way that we could have communicated any faster, and there was no trading," Douglas added. He also he was unable to confirm whether the shutdown has required customers to break contracts, adding "I wouldn't be able to factually answer that question, even if I was inclined to disclose it." "The focus is making sure we serve the customers and have them be able to do whatever they need to do the best they can in this environment," he said. This article originally appeared on USA TODAY: Why Whole Foods' distributor is supplying on a 'limited basis' Sign in to access your portfolio
Time of India
7 days ago
- Business
- Time of India
With retail cyberattacks on the rise, customers find orders blocked and shelves empty
HighlightsA recent cyberattack on United Natural Foods, a major wholesale distributor for Whole Foods Market, has disrupted order fulfillment, leading to shortages in stores. Victoria's Secret experienced a security breach that forced the popular lingerie retailer to shut down its U.S. shopping site for nearly four days, impacting corporate systems and delaying earnings reports. Multiple British retailers, including Marks & Spencer and Co-op, have reported significant disruptions due to cyberattacks, with Marks & Spencer estimating a cost of 300 million pounds ($400 million) from their incident. A string of recent cyberattacks and data breaches involving the systems of major retailers have started affecting shoppers. United Natural Foods , a wholesale distributor that supplies Whole Foods and other grocers, said this week that a breach of its systems was disrupting its ability to fulfill orders - leaving many stores without certain items. In the U.K., consumers could not order from the website of Marks & Spencer for more than six weeks - and found fewer in-store options after hackers targeted the British clothing, home goods and food retailer. A cyberattack on Co-op, a U.K. grocery chain, also led to empty shelves in some stores. Cyberattacks have been on the rise across industries. But infiltrations of corporate technology carry their own set of implications when the target is a consumer-facing business. Beyond potentially halting sales of physical goods, breaches can expose customers' personal data to future phishing or fraud attempts. Here's what you need to know. Cyberattacks are on the rise overall Despite ongoing efforts from organizations to boost their cybersecurity defenses, experts note that cyberattacks continue to increase across the board. In the past year, there's also been an "uptick in the retail victims" of such attacks, said Cliff Steinhauer , director of information security and engagement at the National Cybersecurity Alliance, a U.S. nonprofit. "Cyber criminals are moving a little quicker than we are in terms of securing our systems," he said. Ransomware attacks - in which hackers demand a hefty payment to restore hacked systems - account for a growing share of cyber crimes, experts note. And of course, retail isn't the only affected sector. Tracking by NCC Group, a global cybersecurity and software escrow firm, showed that industrial businesses were most often targeted for ransomware attacks in April, followed by companies in the "consumer discretionary" sector. Attackers know there's a particular impact when going after well-known brands and products that shoppers buy or need every day, experts note. "Creating that chaos and that panic with consumers puts pressure on the retailer," Steinhauer said, especially if there's a ransom demand involved. Ade Clewlow , an associate director and senior adviser at the NCC Group, points specifically to food supply chain disruptions. Following the cyberattacks targeting M&S and Co-op, for example, supermarkets in remote areas of the U.K., where inventory already was strained, saw product shortages. "People were literally going without the basics," Clewlow said. Personal data is also at risk Along with impacting business operations, cyber breaches may compromise customer data. The information can range from names and email addresses, to more sensitive data like credit card numbers, depending on the scope of the breach. Consumers therefore need to stay alert, according to experts. "If (consumers have) given their personal information to these retailers, then they just have to be on their guard. Not just immediately, but really going forward," Clewlow said, noting that recipients of the data may try to commit fraud "downstream." Fraudsters might send look-alike emails asking a retailer's account holders to change their passwords or promising fake promotions to get customers to click on a sketchy link. A good rule of thumb is to pause before opening anything and to visit the company's recognized website or call an official customer service hotline to verify the email, experts say. It's also best not to reuse the same passwords across multiple websites - because if one platform is breached, that login information could be used to get into other accounts, through a tactic known as "credential stuffing." Steinhauer adds that using multifactor authentication, when available, and freezing your credit are also useful for added lines of defense. Which companies have reported recent cybersecurity incidents? A range of consumer-facing companies have reported cybersecurity incidents recently - including breaches that have caused some businesses to halt operations. United Natural Foods, a major distributor for Whole Foods and other grocers across North America, took some of its systems offline after discovering "unauthorized activity" on June 5. In a securities filing, the company said the incident had impacted its "ability to fulfill and distribute customer orders." United Natural Foods said in a Wednesday update that it was "working steadily" to gradually restore the services. Still, that's meant leaner supplies of certain items this week. A Whole Foods spokesperson told The Associated Press via email that it was working to restock shelves as soon as possible. The Amazon-owned grocer's partnership with United Natural Foods currently runs through May 2032. Meanwhile, a security breach detected by Victoria's Secret last month led the popular lingerie seller to shut down its U.S. shopping site for nearly four days, as well as to halt some in-store services. Victoria's Secret later disclosed that its corporate systems also were affected, too, causing the company to delay the release of its first quarter earnings. Several British retailers - M&S, Harrods and Co-op - have all pointed to impacts of recent cyberattacks. The attack targeting M&S, which was first reported around Easter weekend, stopped it from processing online orders and also emptied some store shelves. The company estimated last month that the it would incur costs of 300 million pounds ($400 million) from the attack. But progress towards recovery was shared Tuesday, when M&S announced that some of its online order operations were back - with more set to be added in the coming weeks. Other breaches exposed customer data, with brands like Adidas, The North Face and reportedly Cartier all disclosing that some contact information was compromised recently. In a statement, The North Face said it discovered a "small-scale credential stuffing attack" on its website in April. The company reported that no credit card data was compromised and said the incident, which impacted 1,500 consumers, was "quickly contained." Meanwhile, Adidas disclosed last month that an "unauthorized external party" obtained some data, which was mostly contact information, through a third-party customer service provider. Whether or not the incidents are connected is unknown. Experts like Steinhauer note that hackers sometimes target a piece of software used by many different companies and organizations. But the range of tactics used could indicate the involvement of different groups. Companies' language around cyberattacks and security breaches also varies - and may depend on what they know when. But many don't immediately or publicly specify whether ransomware was involved. Still, Steinhauer says the likelihood of ransomware attacks is "pretty high" in today's cybersecurity landscape - and key indicators can include businesses taking their systems offline or delaying financial reporting. Overall, experts say it's important to build up "cyber hygiene" defenses and preparations across organizations. "Cyber is a business risk, and it needs to be treated that way," Clewlow said.
