United Natural Foods fulfilling orders on ‘limited basis’ in wake of cyberattack
United Natural Foods’ operations remain significantly impacted by a cyberattack that prompted the company to completely shut its network down last week, executives said Tuesday.
The food distributor and wholesaler is fulfilling some customers’ orders on a limited basis, depending on the technology platform involved, and some customers are maintaining inventory with help from other wholesalers, CEO Sandy Douglas said on the company’s earnings call for its fiscal year 2025 third quarter, which ended May 3.
Douglas declined to describe the company’s current operation levels on a percentage basis. United Natural Foods operates 52 distribution centers that fulfill about 250,000 products from more than 11,000 suppliers to 30,000 customer locations in North America. The company is also Whole Foods Market’s primary food distributor.
“How we work together with customers in a crisis, in some ways, is a defining opportunity for us,” Douglas said. “Until we reach a point of functional equilibrium, and when our systems are safe and operating as they should, we have to focus on existing customers and meeting their needs with every ounce of our energy, and that’s what we’re doing.”
United Natural Foods declined to update its financial outlook, due to the ongoing assessment of the cyberattack’s impact, and Douglas said it’s too early to quantify financial impact from the attack.
Costs associated with the recovery include the company’s efforts to mitigate and resume operations, and additional work underway across sales, supply chain and procurement to assist suppliers and customers.
“I would also caution everyone not to make assumptions about the length of the issue,” Douglas said in response to an analyst’s question.
The attack on United Natural Foods follows a wave of ransomware and extortion attacks on retailers and grocery stores in the United Kingdom in April. Security researchers attributed the attack spree to the cybercrime collective Scattered Spider, which last month shifted its focus to U.S.-based retailers in early May.
The circumstances of the attack on United Natural Foods bear similarities and follow the pattern of recent Scattered Spider activities, but researchers have yet to attribute the attack on the food distributor to a specific threat group.
United Natural Foods said it discovered the intrusion on Thursday and, upon investigation, decided to shut its systems down late Friday. The company filed a regulatory filing about the incident Monday morning before markets opened.
Executives described the company’s cybersecurity investments as significant, and said the attack puts additional focus on areas of potential defense improvements.
“I think a company needs to be both high capability and humble when it relates to cybersecurity, and this event is just a demonstrated example of why,” Douglas said.
