United Natural Foods, Inc. (UNFI), the leading supplier for Whole Foods and all US Military retail exchanges, on Monday said it is contending with an active cyber incident and has proactively taken some of its systems offline.
-
United Natural Foods, Inc, the largest full-service food distributer in North America, is hit by a suspected ransomware attack on June 5th.
-
UNFI is the main distributer for Amazon's Whole Foods Markets and all US Military commisaries and exchanges.
-
Forced to take some systems offline, the attack is expected to impact the food supply chain and over 30,000 retail locations across the US and Canada.
“We have identified unauthorized activity in our systems and have proactively taken some systems offline while we investigate,” the Providence, Rhode Island–based natural and organic food distributor said in a statement sent to Cybernews.
UNFI said it first discovered the intrusion last Thursday, June 5th, in an 8K breach notofication filed with the US Securities and Exchange Commission (SEC) on Monday.
According to the SEC filing, the incident has “temporarily impacted the ability to fulfill and distribute customer orders,” potentially affecting thousands of grocery and retail locations across the US and Canada.
UNFI is the largest full-service distributor in North America, and besides being the main distributor for the Amazon-owned Whole Foods Markets, also supplies food and specialty products for all commissaries and retail exchanges across all four branches of the US Armed Forces.
And even though the company said it has “implemented workarounds for certain operations in order to continue servicing its customers where possible,” it also said that disruptions are "expected to continue."
The "organic, natural, and healthier food" purveyor has distribution centers in over 40 locations across the US, its own network of UNFI suppliers, and its own retail technology management software that it sells to clients.
A Whole Foods spokesperson on Monday said the company was “working to restock our shelves as quickly as possible,” Reuters reported.
Dr. Darren Williams, founder and CEO of ransomware prevention firm BlackFog, says the cyberattack on UNFI is a stark reminder of the escalating risks facing the food distribution supply chain.
“When attackers infiltrate backend systems, they can paralyze operations,” Williams said, adding that “while it’s not yet clear if data was exfiltrated, these kinds of incidents can disrupt critical logistics and jeopardize timely food access for millions.”
UNFI, which said the investigation is still “in its early stages,” has notified law enforcement and obtained leading third-party forensics experts to assess the “unauthorized activity” and help “restore our systems to safely bring them back online.”
Attacks on grocery retail sector hits home
The UNFI cyberattack follows a spate of ransomware attacks on the UK retail sector, impacting Marks & Spencer and its branded food stores. The month-long attack on M&S, resulting from a third-party vendor phishing attack by the Scattered Spider ransomware group, took place Easter weekend and has cost the company over $400 million in damages.
Also claimed by Scattered Spider, attacks on Harrods and Co-op quickly followed those on M&S, leaving the UK retail sector reeling from systemwide shutdowns, customer data being stolen, thousands of cancelled online orders, and empty shelves across hundreds of stores. Other retailers suffering breaches since May include the London luxury department store Harrods, Victoria's Secret, Dior, VF Corp's The North Face, and Adidas.
“Despite being essential infrastructure, the food distribution sector remains significantly underprotected,” said Nick Tausek, Lead Security Automation Architect at Swimlane.
"When the largest publicly traded wholesale distributor in the US, supplying over 30,000 locations across North America, is forced to shut down various systems, it doesn’t just slow distribution; it sends shockwaves through the supply chain," Tausek explained.
With over 250,000 product offerings, including fresh groceries, bulk, pre-packaged foods, wellness, health, and beauty care, UNFI further handles international export, import, and logistics management for its dozens of specialty suppliers.
Tausek also pointed out that the impact of these types of attacks is compounded when dealing with perishable goods. “Downtime isn’t solely an operational inconvenience; it’s a race against spoilage, revenue and reputation loss,” he said.
With cybercriminals shifting their focus toward operational weak spots and most publicly visible disruptions, Tasek said that organizations in the food distribution sectors "need to think beyond incident response and focus on resilience, because the cost of downtime is far from just theoretical.”
The North American food distributor, which also posted a notice about the attack on its website, said it is working “to minimize disruption as much as possible and that “our customers, suppliers, and associates are our highest priority.”
As of Monday evening, no hacker group has come forward to claim responsibliity for the suspected ransomware attack.
Your email address will not be published. Required fields are markedmarked