In today’s digital age, cyber threats are increasingly becoming a critical concern for businesses across all sectors. United Natural Foods Inc. (UNFI), North America’s largest publicly traded wholesale distributor, recently experienced the harsh reality of these threats when it was forced to shut down some systems following a cyberattack. This incident underscores the importance of proactive cybersecurity measures, including advisory services, managed Security Operations Centers (SOC), and incident response plans.
The Incident
UNFI operates 53 distribution centers and delivers fresh and frozen products to over 30,000 locations across the United States and Canada. The company serves supermarket chains, e-commerce providers, natural product superstores, independent retailers, and food service customers, making it a vital link in the food supply chain. As a primary distributor for Amazon’s Whole Foods, UNFI reported $31 billion in annual revenues in August 2024, works with more than 11,000 suppliers, and has over 28,000 employees.
On Thursday, June 5th, they discovered a cyberattack that forced them to take some systems offline, impacting their ability to fulfill and distribute customer orders.
Response and Containment
According to bleepingcomputer.com, UNFI promptly activated its incident response plan, implementing containment measures that included proactively taking certain systems offline. While these actions temporarily disrupted the company’s business operations, they were crucial in mitigating further damage.
Since the breach was discovered, UNFI has notified relevant law enforcement authorities and hired external cybersecurity experts to investigate the incident. Additionally, the company has taken measures to maintain customer service continuity, implementing workarounds until affected systems are restored.
Importance of Supply Chain Responsibilities
This incident highlights the critical need for businesses to understand their supply chain responsibilities. A cyberattack on a key distributor like UNFI can have ripple effects throughout the supply chain, affecting numerous customers. For instance, UNFI is the primary distributor for Whole Foods which creates risk for UNFI as the supplier, and Whole Foods as the customer. This direct link is where organizations must look both up and down stream to identify their connections and impacts of disruption through those connections.
Crisis Communications
Effective crisis communications are vital in managing the aftermath of a cyberattack. Transparent and timely communication with stakeholders, including customers, suppliers, and employees, helps manage expectations and maintain trust. In an incident like this, prompt disclosure of the incident and ongoing updates are key examples of how to handle crisis communications effectively.
The Digital-Physical Connection
Cyberattacks often start in the digital realm but can have physical consequences. In UNFI’s case, the attack led to operational disruptions that affected physical distribution centers and employee shifts. Businesses must recognize that cybersecurity is not just about protecting digital assets but also ensuring the continuity of physical operations.
Although, UNFI handled this incident well, there were still challenges that arose from the attack that have and will cause issues for them as time goes on as it relates to legal and compliance. Continued preparedness and management of cyber threats is crucial for business operations to be maintained.
Advisory Services and Managed SOC
Engaging in comprehensive advisory services can help organizations identify potential vulnerabilities, develop robust security strategies, and ensure compliance with industry standards. Additionally, a managed Security Operations Center (SOC) offers continuous monitoring and management of security alerts, ensuring that threats are detected and addressed promptly. In today’s threat environment, minutes count. A delayed response could lead to days or weeks of disruption if the threat gains a foothold.
Incident Response Plans
Being prepared with an appropriate incident response plan is crucial. UNFI’s swift activation of its incident response plan allowed it to contain the breach and mitigate further damage. An effective incident response plan should include clear procedures for identifying, containing, eradicating, and recovering from cyber incidents.
Conclusion
This cyberattack serves as a stark reminder of the importance of comprehensive cybersecurity measures. By understanding supply chain responsibilities, engaging in advisory services, utilizing managed SOCs for active alert management, maintaining effective crisis communications, and having a well-prepared incident response plan, businesses can better protect themselves against cyber threats and ensure continuity in their operations.
In efforts to help organizations understand their preparedness for an incident, our incident response team at SpearTip developed a free Incident Response Assessment: https://www.speartip.com/incident-response-readiness/
By answering questions about your incident response plans and policies, you’ll receive a score and helpful tips on ways to improve your response process. After you’ve completed it, you can sit down with our team and discuss next steps around your entire cyber protection program.
For more information on how SpearTip can help your organization enhance its cybersecurity posture, contact us today.
Email us at [email protected], or call 800.236.6550 to learn more.
The information in this newsletter publication was compiled from sources believed to be reliable for informational purposes only. This is intended as a general description of certain types of managed security services, including incident response, continuous security monitoring, and advisory services available to qualified customers through SpearTip, LLC, as part of Zurich Resilience Solutions, which is part of the Commercial Insurance Business of Zurich Insurance Group. SpearTip, LLC does not guarantee any particular outcome. The opinions expressed herein are those of SpearTip, LLC as of the date of the release and are subject to change without notice. This document has been produced solely for informational purposes. No representation or warranty, express or implied, is made by Zurich Insurance Company Ltd or any of its affiliated companies (collectively, Zurich Insurance Group) as to their accuracy or completeness. This document is not intended to be legal, underwriting, financial, investment or any other type of professional advice. Zurich Insurance Group disclaims any and all liability whatsoever resulting from the use of or reliance upon this document. Nothing express or implied in this document is intended to create legal relations between the reader and any member of Zurich Insurance Group. Certain statements in this document are forward-looking statements, including, but not limited to, statements that are predictions of or indicate future events, trends, plans, developments or objectives. Undue reliance should not be placed on such statements because, by their nature, they are subject to known and unknown risks and uncertainties and can be affected by numerous unforeseeable factors. The subject matter of this document is also not tied to any specific service offering or an insurance product nor will it ensure coverage under any insurance policy. No member of Zurich Insurance Group accepts any liability for any loss arising from the use or distribution of this document. This document does not constitute an offer or an invitation for the sale or purchase of securities in any jurisdiction.
In the United States, Zurich Resilience Solutions managed security services are provided by SpearTip, LLC.
Copyright © 2025 SpearTip
Identify, neutralize, and counter cyberattacks - provide confidence in your security posture
©2025 SpearTip, LLC. All rights reserved.