Early last month, one of the U.S.’s largest wholesale food distribution companies, United Natural Foods, Inc. (UNFI) was hit with a massive cyberattack that crippled its systems and resulted in delayed and halted deliveries to many grocery stores, including Whole Foods. While UNFI is recovering, distributor-focused cyberattacks continue to rise – which begs the question, how will this impact the future stability of the supply chain?

Details of the UNFI attack

When UNFI became aware that its IT systems were being attacked on June 5, it halted ordering operations to protect its data and launched an investigation to discover the source of the breach. According to Grocery Dive, the company had to manually receive and fulfill orders during that time, and given that UNFI is the “largest full-service grocery partner in North America,” responsible for grocery products in over 30,000 stores, this caused significant disruptions within the supply chain. Many local grocery stores were unable to complete orders with the company, resulting in empty shelves.

Now over a month after the attacks, UNFI’s core systems are once again operational, though profits for the quarter have been significantly reduced. Although the perpetrators of the attack have yet to be identified, many have attributed the actions to Scattered Spider, the hacker group that attacked UK retailers earlier this year, and has since threatened to turn its attention to U.S. retailers.

The future of cyberattacks and the food supply chain

According to Insurance Business Magazine, supply chain cyberattacks rose over 400% between 2021 and 2023, with organizations like Sam’s Club and JBS Foods, the largest global provider of beef, being hit by ransomware attacks in recent years. In the future, cyberattacks in the food and agriculture sector could significantly impact our everyday lives. Steve Cobb, CISO at SecurityScorecard, writes:

“When threat actors target the backbone of food distribution in North America, they’re not just freezing systems; they’re freezing supply chains. For companies delivering fresh and frozen goods, even a short disruption can lead to spoilage, shipment delays, and major logistical headaches.”

Because computer systems are a core component of modern businesses, any threat to those systems could pose a threat to society itself. Jennifer Gregory, cybersecurity writer at IBM recently noted that cyberattacks on the agriculture and food industry could impact not only distribution, but even food safety, growing, and harvesting as well. As Gregory notes, even a small disruption in one sector is enough to cause major disruptions in other parts of the system. At the FBI Agriculture Threats Symposium in August 2024, Nebraska Gene Kowel, FBI Special Agent, warned,

 “The cyber risk and national security threat to farms, ranches and food processing facilities is growing exponentially. The threats are evolving, becoming more complex and severe.”

With global food security at risk, it’s more important than ever that companies in the food and agriculture industry increase cybersecurity measures. The issue is so serious that the federal government is even taking measures to help curb attacks – a new bill called the Farm and Food Cybersecurity Act is currently being discussed in the legislature in an effort to address rising concerns over the security of the American food supply.