United Natural Foods, Whole Foods’ primary distributor, has been hit with a cyberattack that may leave some grocery store shelves empty.
In a statement, the company said: “We have identified unauthorized activity in our systems and have proactively taken some systems offline while we investigate. As soon as we discovered the activity, an investigation was initiated with the help of leading forensics experts and we have notified law enforcement.”
With systems offline, and no clear timeline for them to be back up and running, stock on Whole Foods’ shelves may soon start to run out. The offline computer system is used to connect customers to the supplier and arrange deliveries of goods.
“We are assessing the unauthorized activity and working to restore our systems to safely bring them back online. As we work through this issue, our customers, suppliers, and associates are our highest priority,” United Natural Foods added.
In an SEC filing, the company said that, pursuant to its business continuity plans, it has implemented workarounds for certain operations in order to continue servicing its customers wherever possible. A Whole Foods spokesperson said they are “working to restock our shelves as quickly as possible and apologize for any inconvenience this may have caused for customers.”
Extending the Attack Surface
Fletcher Davis, Senior Security Research Manager at BeyondTrust, commented: “Retailers collect and store vast amounts of valuable personal and financial data, such as credit card numbers, payment details, home addresses, and phone numbers. One breach can often yield a large amount of records that can be sold on dark web markets. Retailers also often work with third-party vendors, payment processors, and service providers, extending the attack surface of the retailers’ network. Seasonal pressures during holiday shopping can also delay detection and response capabilities, as well as increase the impact of a potential breach.”
Bad actors targeting the retail industry largely obtain access to these networks through social engineering or supply chain / third-party compromises, Davis added. “IT help desk staff remain primary targets for various cybercrime groups where attackers pretend to be employees or contractors in order to gain access to credentials and company systems. Attackers also target smaller, less secure vendors who have access to retailer networks, such as payment processors, inventory management companies, and contractors. Vendors often have access to internal resources and systems containing sensitive data.”
Retail Under Siege
This recent attack further compounds the challenges faced by the already struggling retail industry, adding yet another disruption, said Aditi Gupta, Senior Manager, Professional Services Consulting at Black Duck. “Supply chain attacks have surged by a staggering 431% from 2021 to 2023 and continue to rise in 2025. The digitization of critical functions such as inventory management and order processing is essential for the retail industry, and these attacks serve as a true test of their business continuity capabilities.”
Moving Quickly Through Networks
Venky Raju, Field CTO at ColorTokens, said that while initial reports from United Natural Foods (UNFI) suggested that they had isolated the compromised systems, they soon followed up with a statement that the entire network was shut down. “This suggests that the malware moved more quickly through their network than their attempts to contain the spread. With its entire network shut down, UNFI customers have been unable to submit orders and have them fulfilled, resulting in significant business losses for all parties.”
This strengthens the business case for implementing microsegmentation pervasively in the network, Raju added. “Furthermore, stopping lateral movement before and during a breach must become a key consideration in business continuity planning and the overall cyber resilience strategy. Implementing Zero Trust, specifically microsegmentation, is often considered arduous and is therefore rarely prioritized. However, there are next-generation microsegmentation solutions that enable the reduction of lateral movement spread with minimal effort and cost. The MITRE ATT&CK framework enumerates the most common techniques used by attackers to move laterally from one system to another, and is a great starting point for implementing microsegmentation policies.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.