U.S. grocery distribution giant United Natural Foods (UNFI) said on Tuesday it is working to restore its capabilities following a cyberattack last week that continues to disrupt the grocery supply chain.
UNFI said as part of its third quarter earnings report that it was “diligently managing through the cyber incident” it confirmed on Monday. The company is “helping our customers with short-term solutions wherever possible,” said UNFI chief executive Sandy Douglas in prepared remarks.
On the company’s post-results conference call, Douglas said UNFI is “continuing to safely bring our systems back online and restore broad-based customer service as soon as possible.”
The company, which is the primary distributor for Amazon-owned Whole Foods, and supplies over 250,000 grocery store products including frozen goods, disclosed on Monday that it had identified unauthorized access to its IT systems. Douglas said on its call Tuesday that the company has since shut down its entire network.
The company has not described the nature of the cyberattack, but it said the intrusion was causing ongoing disruptions to its operations, including its ability to fulfill and distribute customer orders.
Douglas told investors on the call that the company was shipping to customers “on a limited basis.”
One customer of UNFI told TechCrunch that they are trialing a new product in Whole Foods stores this week, but said much of their supply had not been delivered. The customer said they have heard nothing from either UNFI or Whole Foods about the disruption.
TechCrunch has heard anecdotal reports of diminished or empty shelves at some stores affected by the disruption at UNFI, but it is not immediately clear if this is due to the cyberattack or other supply chain issues. Much of the downstream real-world impact on grocery stores and their customers may not be seen until later this week.
Whole Foods has not returned a request for comment from TechCrunch. Reuters cited a Whole Foods spokesperson as saying that the retail giant was “working to restock our shelves as quickly as possible” and referred additional questions back to UNFI.
It’s not clear how much UNFI has spent on cybersecurity, nor who is ultimately responsible for cybersecurity at the company.
A spokesperson for UNFI did not respond to a request for comment when contacted by TechCrunch on Tuesday.
Much of the UNFI’s external-facing systems are offline, including web systems used by suppliers and customers, as well as the company’s VPN products, according to checks by TechCrunch.
UNFI reported $8.1 billion in net sales in the quarter ended May 3, 2025. The company said it was expecting to report a loss on net income and earnings per share for its 2025 outlook following the ending of a contract with a grocery store chain’s operations in the U.S. northeast, but that it is not adjusting its outlook at this time due to the “ongoing assessment” of the cyberattack.
