
United Natural Foods (UNFI) has fallen victim to a cyberattack that has forced the US grocery wholesale distributor to shut down several of its internal systems and impacted its ability to fulfil and distribute customer orders. This incident follows Google’s recent warning to US retailers about cybersecurity threats from hackers using tactics akin to the Scattered Spider group, which previously targeted the UK retail sector.
In a filing submitted to the US Securities and Exchange Commission (SEC), UNFI disclosed its detection of unauthorised activity on its IT systems on 5 June 2025. In response, the company took certain systems offline and initiated an investigation.
“The incident has caused, and is expected to continue to cause, temporary disruptions to the company’s business operations,” UNFI said in the filing. “The company is working actively to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals and has notified law enforcement.”
The grocery wholesale distributor also said that it has introduced workarounds to maintain service to customers where feasible. However, UNFI did not disclose the nature of the cyberattack, and it is unclear if any data was compromised. No ransomware groups have claimed responsibility for the breach.
UNFI is a primary distributor for Amazon’s Whole Foods. It serves more than 30,000 customer locations across the US and Canada, supplying approximately 250,000 products, including frozen foods, perishable and bulk groceries, and wellness items. The company has 53 distribution centres.
UNFI breach highlights rising cyber threats in retail sector
The cyberattack on UNFI is part of a series of recent incidents targeting retailers and distributors. Earlier this year, Walmart-owned Sam’s Club investigated a Clop ransomware breach, BleepingComputer reported.
Several UK retailers, including Harrods, Co-op, and Marks & Spencer (M&S), have also been affected by similar cyber incidents in recent months. It is unclear if the UNFI incident is connected to those involving M&S and Co-op. The attack on M&S led to a market capitalisation loss exceeding £750m, with disruptions expected to continue until July. M&S acknowledged the potential financial impact of up to £300m in operating profit for the current year due to the cyberattack.