United Natural Foods, Inc. (UNFI), a major North American grocery wholesaler and primary distributor for Whole Foods Market and other grocery retailers, recently suffered a significant cyberattack that has disrupted its operations and affected grocery supply chains across the United States.
UNFI said it “proactively” shut down some of its systems as part of its response to the cyber incident and was “actively working to assess, mitigate, and remediate” the situation with the help of cybersecurity professionals. Taking systems offline has “temporarily impacted the Company’s ability to fulfill and distribute customer orders,” the filing said.In UNFI’s third-quarter earnings release the following day, CEO Sandy Douglas said the grocery wholesaler was “focused on diligently managing through the cyber incident we announced yesterday to rapidly and safely restore our capabilities, while helping our customers with short-term solutions wherever possible.”The company provides products to more than 30,000 customer locations, including those for large and small grocery retailers.
Customers at Whole Foods, perhaps the most significant grocery outlet impacted, are complaining of empty shelves.
“Our frozen cooler is empty, our bread hearth is bare and customers are increasingly upset,” one barista and bakery employee at a Whole Foods located in Arkansas told CNN.The employee, who requested anonymity because she was not authorized to speak to the media, complained there is a “complete lack of transparency” about the disruption and that “nearly every department has been heavily impacted.”United Natural Foods, the primary food distributor to Whole Foods, disclosed the damaging cyberattack and disruption to its business on Monday, sending its stock plunging 7%. UNFI (UNFI) shares sank more than 10% on Tuesday, leaving it down about 17% since disclosing the cyberattackIt’s unclear how widespread the supply disruptions to Whole Foods are, but an update from UNFI on Tuesday suggests significant problems. The company said it’s currently shipping to customers only on a “limited basis.”
The attack has also disrupted pharmacy operations at some locations. For example, in Minnesota, about half of the affected pharmacies were able to remain operational, but others could not fill new or refill prescriptions. Shortages of some medications were being reported.
WCCO talked with a triage nurse in the Twin Cities. She didn’t want to share her identity, but she did want to share the headache the Cub Foods pharmacy disruption is causing her patients.”Anytime you transfer a controlled substance to a pharmacy that a pharmacy isn’t familiar with the patient, they need to call us and get all this information on the patient. So, then they’re waiting even longer for their prescriptions. We have one patient who’s been waiting four days to get her prescription filled,” the nurse told WCCO. “And then some of the medications we’re prescribing have shortages on them. So, they were getting them reliably from Cub and now they’re being told that they’ve got to call around everywhere else to find shortages. It’s wild.”
The cybersecurity profile for the firm apparently was not robust.
It’s not clear how much UNFI has spent on cybersecurity, nor who is ultimately responsible for cybersecurity at the company.A spokesperson for UNFI did not respond to a request for comment when contacted by TechCrunch on Tuesday.Much of the UNFI’s external-facing systems are offline, including web systems used by suppliers and customers, as well as the company’s VPN products, according to checks by TechCrunch.
CLICK HERE FOR FULL VERSION OF THIS STORY