UNFI security breach affecting Whole Foods

United Natural Foods (UNFI) Security Breach: What Happened?

by Ryan Murray

United Natural Foods (UNFI) Security Breach: What Happened, Why, and What’s Next

UNFI logo

In early June 2025, United Natural Foods, Inc. (UNFI)—the largest publicly traded grocery distributor in North America and the primary supplier for Whole Foods Market—suffered a major cybersecurity incident that rippled across the U.S. food supply chain. The breach has raised urgent questions about the resilience of critical infrastructure, the evolving nature of cyber threats, and the steps organizations must take to defend themselves.

What Happened?

On June 5, 2025, UNFI discovered unauthorized activity within its IT systems. The company responded by taking certain systems offline, a move that immediately disrupted its ability to fulfill and distribute customer orders. The incident was disclosed in a regulatory filing and quickly became public as widespread reports surfaced of canceled employee shifts, halted deliveries, and empty supermarket shelves.

UNFI’s CEO, Sandy Douglas, confirmed during the company’s third-quarter earnings call that the entire network was shut down to contain the breach, and that the organization was working with leading forensics and cybersecurity experts to investigate and remediate the incident. As of mid-June, the company was still operating under temporary workarounds and had not fully restored its systems.

Why Did the Breach Happen?

While UNFI has not released technical details about the attack, cybersecurity experts and industry observers point to several likely causes:

  • Attack Vector: The disruption’s scale and the systematic shutdown of multiple operational systems suggest a ransomware attack, though no group has claimed responsibility and UNFI has not confirmed this. Experts speculate that attackers may have gained initial access via phishing, compromised credentials, or unpatched vulnerabilities in internet-facing systems.
  • Industry Trends: The incident is part of a broader surge in cyberattacks targeting food and agriculture, which have become prime targets for financially motivated cybercriminals due to their critical role in daily life and the potential for widespread disruption.
  • Supply Chain Complexity: The interconnectedness of modern supply chains and reliance on digital systems for logistics, inventory, and communication create numerous entry points for attackers and amplify the impact of any breach.

How Could the Breach Have Been Prevented?

While no organization is immune to cyber threats, several measures could have reduced the risk or mitigated the impact:

  • Robust Patch Management: Ensuring all systems, especially those exposed to the internet, are regularly updated to fix known vulnerabilities.
  • Multi-Factor Authentication (MFA): Requiring MFA for all remote and privileged access to critical systems to prevent unauthorized logins via stolen credentials.
  • Network Segmentation: Limiting the spread of malware by dividing networks into isolated segments, so a breach in one area does not compromise the entire infrastructure.
  • Employee Training: Regular phishing awareness and cybersecurity training for all staff to reduce the risk of social engineering attacks.
  • Incident Response Planning: Maintaining and regularly testing a comprehensive incident response plan, including offline backups and clear protocols for isolating affected systems.
  • Third-Party Risk Management: Vetting and monitoring the cybersecurity posture of vendors and partners, as supply chain attacks often exploit weaker links.

The Food and Ag-ISAC recently updated its Cybersecurity Guide for Small and Medium-Sized Enterprises, emphasizing that affordable, practical adjustments to security protocols can meaningfully reduce risk.

What Security Technology Vendors Were Involved?

UNFI has not publicly named the cybersecurity vendors assisting in its response. The company stated it is working with “leading forensics experts” and “third-party cybersecurity professionals” to investigate, contain, and remediate the incident. While some reports mention Keeper Security as a recognized leader in enterprise password management, there is no direct evidence that Keeper was involved in this specific incident.

Who is the CISO at UNFI?

John Dutt was the CISO at UNFI until April 2025 according to his LinkedIn profile page. UNFI does not name a CISO on its Executive Leadership webpage. Matthew Karnas is the interim CISO according to his LinkedIn page.

Mario Maffie is the Chief Information Officer at UNFI. He was appointed to the CIO position in September 2023. According to Grocery Dive, he was at Mars Incorporated for 23 years prior to joining UNFI.

 

What does the UNFI Org Chart look like?

UNFI org chart

How Did the Breach Affect the Supply Chain?

The impact on the supply chain was immediate and widespread:

  • Disrupted Deliveries: UNFI trucks were unable to make delivery runs to Whole Foods and other grocery partners, leaving many supermarket shelves empty and some pharmacy operations affected.
  • Operational Workarounds: The company implemented manual workarounds to continue servicing customers where possible, but these were limited in scope and efficiency.
  • Ripple Effects: Over 30,000 locations across North America, including independent grocers, conventional supermarket chains, and e-commerce providers, experienced supply disruptions—especially for fresh produce and branded products.
  • Retailer Response: Some retailers turned to other distributors for critical items, but the sudden demand strained alternative suppliers and highlighted the fragility of just-in-time inventory systems.

How Was Whole Foods Affected?

As UNFI’s largest customer, Whole Foods Market was significantly impacted:

  • Product Shortages: Whole Foods stores faced delays and shortages of key products, with some new product launches postponed due to undelivered supply.
  • Communication Gaps: Some vendors reported a lack of communication from both UNFI and Whole Foods about the extent and expected duration of the disruption.
  • Potential for Empty Shelves: The incident threatened to leave Whole Foods shelves bare for certain high-demand items, underlining the risks of single-source distribution agreements.

 

Additional Questions and Answers


Did the Attackers Steal Data?

As of mid-June 2025, UNFI has not disclosed whether any data was stolen, and no ransomware group has claimed responsibility.

How Long Will Recovery Take?

UNFI has not provided a timeline for full recovery. The company is gradually restoring systems and expects disruptions to continue in the near term.

What Has Been the Financial Impact?

UNFI’s stock dropped at least 8% following the disclosure of the breach, reflecting investor concern over operational and reputational damage.

Is This Part of a Larger Trend?

Yes. The food and agriculture sector has seen a surge in cyberattacks, with recent incidents targeting major retailers and distributors in both the U.S. and Europe.

What Should Other Companies Learn?

This incident underscores the need for robust cybersecurity in critical infrastructure sectors. Companies should prioritize risk assessments, invest in layered defenses, and ensure business continuity plans are up to date and tested regularly.

Does databahn have a deep dive company profile report on UNFI?

Yes, databahn has a deep dive sales intelligence report on UNFI with detailed org charts on the Finance, HR and IT organizations. It's available for $395 on our ecommerce site. Fill out the form below and someone from the databahn team will contact you within a few hours.

 

Summary

The UNFI security breach is a stark reminder that even the most essential and well-resourced organizations are vulnerable to cyber threats. As attackers increasingly target critical supply chains, the food and agriculture sector must adapt by strengthening defenses, improving incident response, and fostering transparency across the industry.

For consumers, the incident may mean temporary shortages and higher prices. For businesses, it is a call to action: invest in cybersecurity, collaborate with trusted partners, and prepare for the unexpected. The resilience of our food supply—and the trust of millions—depends on it.

How can we help?

About databahn

databahn is a GenAI-powered sales intelligence Platform as a Service delivering real-time insights on Fortune 1000 and Global 2000 accounts. Our AI analyzes the deep web to generate dynamic company profiles, org charts, and sales triggers—cutting research time by 80% while tripling revenue opportunities. Specializing in tech initiatives, we provide hyper-relevant intelligence to engage decision-makers precisely. Unlike static reports, our always-on AI interprets buying signals, recommends strategies, and continuously learns. Trusted by tech leaders since 2015, we're redefining sales intelligence with actionable, AI-driven insights that accelerate pipeline and crush quotas.

Follow us

American Express Apple Pay DiscoverGoogle Pay MastercardPayPalShop Pay Visa
Copyright © 2025 Databahn.