United Natural Foods, the wholesale grocery distributor for Amazon’s Whole Foods, has taken some of its systems offline in response to a cyberattack. The disruption has reportedly led to sparsely stocked shelves at Whole Foods stores across the country.
In a statement on Monday, June 9, the Rhode Island-based company announced that it had proactively pulled the plug on multiple systems after detecting what it described as “unauthorized activity.”
“As soon as we discovered the activity, an investigation was initiated with the help of leading forensics experts, and we have notified law enforcement,” the statement said. “We are assessing the unauthorized activity and working to restore our systems to safely bring them back online.”
In a filing with the U.S. Securities and Exchange Commission (SEC), United, which reported detecting the intrusion on Thursday, June 5, said, “The incident has caused, and is expected to continue to cause, temporary disruptions to the company’s business operations.”
‘Lotsa empty shelves’
Shoppers have already noticed the effects.
In posts on social media, consumers reported a lack of products at numerous Whole Foods locations.
“At Whole Foods just now. Lotsa shelves empty,” an X user in San Diego wrote. “I asked what’s going on. One of the largest food distributors in the US got cyberattacked. That’s umm troubling the food supply can be disrupted this way.”
At Whole Foods just now. Lotsa shelves empty
— Julie Chang (@JulieChangRE) June 10, 2025
I asked what’s going on. One of the largest food distributors in the US got cyberattacked
That’s umm troubling the food supply can be disrupted this way pic.twitter.com/GG9UsftcI4
Few details are known about the cyberattack. The company has not disclosed whether the breach resulted in the loss of data or if a culprit has been identified.
In a statement to Straight Arrow News, Grace Turiano, United’s director of external communications, reiterated the company’s efforts to resume operations.
“We continue working steadily to safely restore our systems and provide the services our customers and suppliers know and expect from us,” Turiano said. “As of today, we’re gradually bringing our ordering and receiving capabilities back online, with the goal of further increasing our capacity over the coming days.”
United did not answer questions about whether any ransomware groups, known for data theft and extortion, were believed to be responsible for the incident. SAN’s analysis of dark web sites listing ransomware gang leaks did not show any group claiming responsibility.
“The investigation is ongoing with the support of leading forensics experts,” Turiano said. “Our customers, suppliers and associates are our highest priority. We continue to work closely with them to minimize disruptions as much as possible.”
An internal communication shared within Whole Foods, as reported by TechCrunch, said the disruption may take “several days to resolve.”
United is far from the first company in the food industry to be targeted by cybercrime. In March, the Walmart-owned warehouse chain Sam’s Club announced an investigation after a ransomware group known as “Cl0p” claimed it was behind a breach of the company’s systems.
