When the Groceries Don’t Show Up

$400 Million, a Cyberattack, and the Rotten Core of Our Food System

When the UNFI story first broke, I wrote a short piece here as an initial reaction. But this? This is the one that matters. The full scope. The system’s failure. The questions no one wants to answer.

In June, United Natural Foods (UNFI) got hit with a cyberattack. Not a “change your password” kind of thing. I mean systems-down, trucks-stopped, shelves-empty type of cyberattack. A full-blown breakdown that took out the backend of one of the country’s largest food distributors. And now? UNFI is staring down the barrel of a $400 million sales loss.

Not millions in damages. Not millions in fines. Lost sales. That’s the actual revenue that evaporated because someone breached their systems and said, “No groceries for you.”

This wasn’t a minor incident buried in a security blog; this hit hard. UNFI is the primary distributor for Whole Foods and moves products to over 15,000 retailers. When they go down, we all feel it. And when the dust settles and the insurance checks get cut, someone still has to cover the cost.

Let’s talk about that money. Let’s talk about what gets trimmed when your margins are thin and your operations just ate a $400 million punch to the gut. Will it be employee cuts? Preventative maintenance? Project cuts? Food safety checks? All of the above? Probably. Because the money has to come from somewhere, and the most vulnerable line items are usually the ones that don’t scream until something goes very, very wrong.

This is where it gets real, because cyber insurance is stepping in. UNFI expects insurance to cover most of the damage, which means the losses may not appear so severe on their balance sheet. Investors will exhale. Executives will say all the right things. But here’s the thing: that insurance payout doesn’t undo the damage. It doesn’t restock the shelves. It doesn’t rebuild trust. And it sure as hell doesn’t make us safer.

(Quick note: UNFI hasn’t disclosed the type of cyberattack yet, but researchers agree it “feels” like a ransomware attack.)

And if we’re being brutally honest? That same cyber insurance might be the reason this happened in the first place. Because attackers are clever, they know how the game works. They know who’s insured, who isn’t, and how to price the pain. If you’ve got a cyber policy, they don’t see protection; they see potential. That payout? It’s their ceiling.

Studies have shown that insured companies get hit harder and pay more. The moment an attacker finds a policy, the ransom demand increases. You have a $10 million policy? Guess what the demand is going to be. There’s a playbook for this now, and it reads like a ransom note written by someone who knows your deductible.

So yes, insurance helped UNFI stay afloat. But let’s not pretend it didn’t also paint a target on their back.

This wasn’t just about money. It was about disruption. The hackers knew that taking out UNFI wouldn’t just hurt one company; it would also affect the entire industry. It would ripple across Whole Foods, independent retailers, and co-ops nationwide. It would leave empty shelves and force last-minute sourcing scrambles. And that’s exactly what happened.

Disruption was the product. Chaos was the leverage. And whether the ransom was paid or not, the attackers got what they wanted: attention, panic, and proof of concept.

Now ask yourself: Who benefits from that kind of disruption? Certainly not the consumer trying to buy produce. But maybe a competitor. Perhaps a bad actor testing the system. Maybe someone is shorting stocks before the news hits. There are various ways to profit from chaos, and not all of them involve ransom notes.

And this wasn’t a one-off. We’ve seen this play before. JBS. Dole. Sysco. Every major food player that has been hit shows us the same truth: our food system is interconnected, fragile, and wildly underprepared for cyber threats. The bigger the company, the bigger the domino.

So what happens next? UNFI says they’re bouncing back. That’s good. But they’re going to have to prove to partners, customers, and regulators that they’re not just patching holes with money. This isn’t just about upgrading firewalls; it’s about resilience.

They’ll need to overhaul systems, rethink continuity plans, retrain or hire staff, and build trust from the ground up. And the rest of the industry? They need to take notes. Because if UNFI can get knocked down this hard, so can anyone.

And let’s talk about trust. Whole Foods customers weren’t just annoyed. They were confused. Why are the shelves empty? Why does it feel like 2020 again? People don’t forget that feeling. And supply chain trust is like a sourdough starter. It takes time to build, and seconds to kill.

Which brings us back to the system. Because UNFI isn’t just a company, they’re a node in a tightly wound web of distribution, logistics, and just-in-time inventory. That web is efficient, but not resilient. When one thread snaps, the whole thing tightens and frays. And if we don’t start treating food distribution as critical infrastructure, we’re going to keep learning the hard way.

Cyber insurance didn’t stop this attack. It cleaned up the financial mess after the fact. That’s not resilience. That’s disaster financing. Real resilience means investing in prevention, in segmentation, training, and backups. In boring, unsexy operational security that keeps food moving even when the lights flicker.

So yes, I’m glad UNFI had insurance. But I’m more interested in whether they’ll use this moment to rebuild something stronger. Because next time, the stakes could be higher. The next shelf that goes empty might hold medicine. Or baby formula. Or water.

And I don’t want to find out who pays for that.

Stay Safe, Stay Curious,

Kristin King
