Cyberattack at United Natural Foods to impact quarterly profits reported

In a recent turn of events, United Natural Foods Inc. (UNFI) has fallen victim to a cyberattack, causing a significant disruption to its operations and finances. The attack, which occurred on June 5, has resulted in reduced sales volume and increased operational costs.

The cyberattack has had far-reaching consequences, affecting food supplies to grocery stores across the U.S., including Whole Foods locations. UNFI, a company that regularly receives and ships products to retailers across its distribution network, was forced to switch to manual order-processing procedures due to the attack.

However, the company has managed to restore the core systems for electronic ordering and invoicing, allowing business operations to normalize. Despite the setbacks, UNFI remains optimistic about its ability to achieve its previously disclosed strategic and financial objectives in the long term.

The attack is expected to materially affect UNFI's quarterly earnings, as the company announced. The costs associated with the cyberattack, including investigation and remediation, are expected to be covered by UNFI's cybersecurity insurance policy. The full claim and settlement process for the cyberattack is expected to extend into UNFI's 2026 fiscal year.

Corporate stakeholders are seeking to better understand the risk calculus of their technology stacks in light of this incident. The question on many minds is: Are we a target? The cyberattack on UNFI serves as a stark reminder of the supply chain risks facing the food and agriculture sector.

In a positive development, UNFI will provide a financial update in July. This update will include its strong operating results in the third and fourth quarters of the fiscal year, along with the estimated impact of the cyberattack. The company believes that the cyberattack is likely to have a material impact on its net income/(loss) and adjusted EBITDA for the fourth fiscal quarter of 2025.

While specific companies that CISOs have named as targets of recent cyberattacks with potential material impact on financial results in 2026 remain unidentified in publicly available information, this incident underscores the importance of robust cybersecurity measures for all businesses.