North American grocery wholesaler United Natural Foods told regulators that a cyber incident temporarily disrupted operations, including its ability to fulfill customer orders.
In a Monday filing with the US Securities and Exchange Commission, the health food distribution giant said it “activated its incident response plan and implemented containment measures, including proactively taking certain systems offline,” after uncovering unauthorized network activity on its IT systems on June 5.
“The incident has caused, and is expected to continue to cause, temporary disruptions to the Company’s business operations,” the Form 8-K continued. “The Company is working actively to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals and has notified law enforcement.”
United Natural Foods is not a household name, but it provides natural and organic products to more than 30,000 retailers across the US and Canada, including Whole Foods, Amazon, Target, and Walmart, and reported $8.2 billion in net sales in its fiscal Q2, which ended February 1.
In a subsequent system update posted Monday on its website, the grocery wholesale giant said it was working with its customers, suppliers, and associates “to minimize disruption as much as possible.”
The Register has asked United Natural Foods for more details about the digital intrusion, including if it was a ransomware attack and when it expects to restore all of its IT systems and business operations, and will update this story if we hear back.
This incident is yet another reminder of how cyberthreats can cause real-world pain, including disruptions to the food supply and delivery systems.
In April, a ransomware attack disrupted the flow of food deliveries into Marks & Spencer stores in the UK, leaving some shelves bare and others with limited supplies. Meanwhile, hundreds of Ahold Delhaize USA’s grocery stores, including Stop & Shop, Hannaford, Food Lion, were affected by a cyberattack last November, just weeks before Thanksgiving.
“Although UNFI hasn’t stated as much, this attack has all the hallmarks of ransomware,” Paul Bischoff, consumer privacy advocate at Comparitech, wrote in an email to The Register. “These attacks can cripple companies and even force them to shut down permanently in some cases, so they should not be taken lightly. This attack could have knock-on effects including higher food prices for consumers.” ®
