Cyber Incident Victim: United Natural Foods
Date:
Jun 2025
Location:
United States of America
Summary
United Natural Foods reported unauthorized access to its information technology systems and activated its incident response plan, including taking portions of its network offline to contain the intrusion. The action temporarily disrupted the company’s ability to fulfill and distribute customer orders, prompting it to implement workarounds for certain operations to maintain service where possible. The company is working with third‑party cybersecurity professionals and has notified law enforcement while the investigation into the scope and impact of the incident remains ongoing. It continues to restore affected systems safely and bring them back online.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 5, 2025, United Natural Foods, Inc. filed a Form 8-K with the U.S. Securities and Exchange Commission stating that on that date it became aware of unauthorized activity on certain of its information technology systems. The company said it promptly activated its incident response plan and implemented containment measures, including proactively taking certain systems offline. According to a TechCrunch report published on June 5, 2025, United Natural Foods announced on Monday, June 2, 2025, that it had been hit by a cyberattack and warned of disruptions to its ability to fulfill and distribute customer orders. The TechCrunch article noted that the company said it became aware of unauthorized access to its IT systems last Thursday, which would have been May 29, 2025, and began shutting down portions of its network. The filing indicated that the company had implemented workarounds for certain operations in order to continue servicing its customers where possible. The filing also noted that the intrusion had caused, and was expected to continue to cause, temporary disruptions to the company’s business operations.
The company stated that it was working actively to assess, mitigate, and remediate the incident with the assistance of third‑party cybersecurity professionals and had notified law enforcement. According to the filing, the investigation to assess the impact and scope of the incident remained ongoing and was in its early stages. The TechCrunch article reported that a United Natural Foods spokesperson declined to describe the nature of the cyberattack or say whether the intruder had demanded a ransom. The spokesperson said the company was assessing the unauthorized activity and working to restore its systems to safely bring them back online. The filing noted that, pursuant to its business continuity plans, the company had implemented workarounds for certain operations in order to continue servicing its customers where possible. The company said it continued to work to restore its systems to safely bring them back online and had not provided an expected timeline for recovery.