Whole Foods Supplier Hit by Cyberattack, Disrupting Operations

United Natural Foods, Inc., recognized as the largest distributor of health and specialty foods in the United States and Canada, has disclosed a breach in its IT systems that has substantially disrupted its operations. The company serves as the primary supplier for Whole Foods, a high-end supermarket chain.

In a regulatory filing with the Securities and Exchange Commission, the company reported that it identified unauthorized activity within its systems, hindering its capabilities to fulfill and distribute customer orders. Although the investigation is ongoing, the firm acknowledges that further business interruptions are anticipated.

Based in Providence, Rhode Island, United Natural Foods extended its distribution contract with Whole Foods, which is owned by Amazon, through 2032. The company has warned that “temporary disruptions” will impact over 30,000 locations across all 50 states and all provinces in Canada, as a result of the breach.

The market responded negatively to the news, with the company’s stock initially tumbling by 9% before settling at approximately a 7% decline by the end of the trading day.

Cyberattacks on the food and agriculture sectors have dramatically increased, with research indicating a staggering 600% increase in such incidents in 2020 alone. Furthermore, the FBI has issued alerts regarding ransomware threats specifically aimed at farms and food suppliers, following numerous costly disruptions within the supply chain.

Recent notable attacks include the 2021 incident involving the meat processing giant JBS, which was linked to the REvil ransomware group. The company reportedly paid $11 million to resolve the situation. Furthermore, in 2023, Dole faced a debilitating attack that forced it to halt processing and suspend shipments. These incidents illustrate the escalating cyber threats targeting the retail and supply chain sectors.

According to Jeff Wichman, Director of Incident Response for Semperis, the latest breach at United Natural Foods underscores the vulnerability of retail operations to rising cyberthreats. He emphasized the necessity for the sector to remain vigilant in order to avert unpreparedness against such attacks.

In its latest press release, United Natural Foods stated that it is actively working to restore systems while taking measures to contain the breach by notifying law enforcement and bringing in forensic experts. No comments were provided by the company or Whole Foods at the time of this report.

The methodologies employed in this attack could align with various tactics outlined in the MITRE ATT&CK framework, including initial access through exploitation of vulnerabilities, persistence via unauthorized access mechanisms, and possible privilege escalation as attackers navigate internal systems. Businesses in similar sectors must enhance their cybersecurity postures to mitigate the risk of encountering similar incidents.