Lisa A. Gardner, Ph.D., CPCU, AIC, AIDA, API,
is the Associate Director, Content and Research, at the Risk & Insurance Education Alliance.
In June of 2025, United Natural Foods Inc. (UNFI) disclosed that the company had discovered “unauthorized activity” in its systems. In short, they were hacked. In response to this cyber-attack, UNFI shut down specific systems, including ordering, shipping, and receiving systems. The company’s containment efforts increased expenses while simultaneously lowering revenue, market share, and reputation, resulting in a decline in its stock price.
What makes this loss especially noteworthy is its impact on the natural food supply chain, which is significant due to UNFI’s size. On its website, UNFI describes itself as “one of the largest publicly traded wholesale distributors of healthier food options across North America.” UNFI distributes over 250,000 different products, supported by its 52 distribution centers across the US and Canada, which serve approximately 30,000 customers. The company ranks as the top supplier to natural foods grocery giant Whole Foods. UNFI also owns two small regional supermarket chains (CUB and Shoppers Food).
The effect of the hack and subsequent efforts to contain UNFI losses meant that wholesale customers also lost revenues as they experienced inventory shortages. These customers included grocery stores, co-ops, e-commerce retailers, and educational institutions, such as schools. In response to inventory shortfalls, some UNFI customers established relationships with other suppliers of groceries.
The effect on the approximately 11,000 UNFI suppliers was also likely substantial, as UNFI temporarily shut down its receiving systems. Suppliers range from local and regional producers to national brands. Depending on the terms of their supplier agreements, these suppliers may have seen a reduction in incoming revenues from UNFI.
The consequences of this cyber-attack might have been worse. For example, hackers could have accessed personal information or protected health information. According to a recent Securities and Exchange Commission filing by UNFI, this did not happen. In the same filing, the company notes that it has cyber insurance, which it expects to be “adequate” to cover its loss.
If UNFI were your client, would they have had adequate coverage for such an event? Would they have been as susceptible to this or other types of cyberattacks? Do you know how to help evaluate their exposures?
Protect Your Clients from Financial Loss—Learn Cyber Exposures and Coverage at Your Own Pace!
If you are unsure about the types of cyber exposures and coverage available or have some familiarity but would like an update, consider the Cyber Exposures and Coverage course. Now offered by the Risk & Insurance Education Alliance as a self-paced course, and takes approximately three hours to complete. Some states provide continuing education (CE) credit for the course.
For more information, see:
References
- Biscotti, L. (2025, June 24). Cyberattack Reveals Soft Underbelly Of Supermarket Food Supply. Retrieved from Forbes.com
- United Natural Foods Inc. (2024). Introduction to UNFI and the Grocery Wholesale Distribution Business. Providence: United Natural Foods Inc.
- United Natural Foods Inc. (2025, June 27). About Us. Retrieved from United Natural Foods Inc.
- United Natural Foods Inc. (2025, June 9). News. Retrieved from United Natural Foods Inc.
- United Natural Foods Inc. (2025, June 15). News. Retrieved from United Natural Foods
- United Natural Foods, Inc. (2025, June 21). United States Securities and Exchange Commission, Form 8-K. Retrieved from SEC.gov
