Cybercrime

United Natural Foods loses up to $400M in sales after cyberattack

The food distributor and wholesaler completely shut down its systems upon discovering the attack last month, yet core systems were restored and normal operating capacity returned within three weeks.

By Matt Kapko

July 17, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

A shelf is seen bare in the frozen foods section of a Whole Foods store on June 11, 2025 in San Rafael, California. United Natural Foods, the primary food distributor to Whole Foods, paused deliveries to Whole Foods stores after a cyberattack crippled its system. Some Whole Foods stores are experiencing empty shelves and freezers. The company said this week that the attack will cost them up to $400 million in lost sales. (Photo by Justin Sullivan/Getty Images)

United Natural Foods said the cyberattack that prompted the food distributor and wholesaler to completely shut down its network last month resulted in lost sales of up to $400 million. Executives, during a business update call Wednesday with analysts and investors, said the financial impact from the attack is largely contained to the current quarter, which ends in early August.

The operational interruption caused by the cyberattack, which the company discovered June 5 and disclosed four days later, will result in a net income loss of up to $60 million. Executives did not mention a ransom demand or payment during the call.

The attack on Whole Foods Market’s primary distributor was part of an ongoing attack spree linked to Scattered Spider, a financially motivated cybercrime collective that’s hit dozens of companies in the retail, insurance and aviation industries since it regrouped earlier this year.

The orders United Natural Foods was unable to fill — resulting in empty store shelves and spoilage in the wake of the attack — shows the wide financial impact of cybercrime. The company operates 52 distribution centers that fulfill about 250,000 products from more than 11,000 suppliers to 30,000 customer locations in North America.

“Because of the unique role UNFI plays in the food-supply chain, we recognize that this cyber incident impacted our customers and the industry we serve. We never want to be the reason that a local grocer is out of stock on a product that their shoppers count on,” CEO Sandy Douglas said during the call.

Direct costs related to the attack include an estimated $20 million incurred as the company used manual workarounds while systems were offline, and $5 million for remediation costs, including third-party cybersecurity, legal and governance experts brought in to assist with response and recovery efforts.

United Natural Foods expects its cyber insurance policy to sufficiently offset those recovery and remediation costs, but noted that reimbursement will likely arrive in fiscal year 2026, which starts in August.

Meantime, the company has mostly recovered and returned to normal operations. “As of this week, our commercial operating capacity has been restored to normalized levels, average outbound fill rates, on-time deliveries and units shipped are at or close to pre-incident levels, with some variation across distribution centers. We expect continued improvement as we complete our recovery in the coming weeks,” Douglas said.

United Natural Foods restored its primary electronic ordering systems June 16, 10 days after it took systems down, Douglas added. While the restoration is ongoing for some less critical tools, including customized reporting platforms, the company has achieved the bulk of its recovery requirements.

“By June 26 we had safely restored our core systems and broadly returned to more normal operating capacity across our distribution network,” Douglas said. “Since then, we’ve continued working closely with our customers and suppliers to catch up on various business processes, including purchase orders, invoicing and payments that were temporarily delayed during the disruption period.”