Cyberattack on grocery supplier reveals fragility of US food supply
Hackers infiltrated one grocery distributor, and within days, there were bare shelves at stores around the country and even some pharmacies unable to fill prescriptions.
That's not the beginning of some thriller novel. It's the real events that played out earlier this month as major wholesale distributor UNFI, dealt with a cyberattack. But the moral of the story is already clear: The nation's highly consolidated food supply is in need of stout digital defenses to protect it.
'It pretty much exposes the fragility of our whole grocery system,' said Gregory Esslinger, a distribution expert, brand adviser and former UNFI manager. 'It's a national security issue, honestly.'
Based in Providence, Rhode Island, UNFI has about $31 billion in revenue and supplies 30,000 stores nationwide.
'It's been years, but they're still gradually integrating the SuperValu systems,' Esslinger said of UNFI. 'When you integrate systems, you potentially open doors to issues like this.'
While operations at the country's largest publicly traded grocery wholesaler have edged back to normal after UNFI detected the attack June 5 and shut down its ordering systems, preventing and better responding to the next hack will be the greater test.
'If it happens again, that would be the end of them,' Esslinger said. 'The confidence would be shattered.'
Having a handful of big suppliers like UNFI distribute the majority of the nation's groceries can help keep the price of food down, but it carries enormous risk when something goes wrong. Every part of the supply chain should take note of what happened and revisit their security plans, experts said.
'If you're in the industry, this is a great opportunity to take this to the board, ask for the budget, ask for what you need to mitigate the risks,' said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. 'You know the phrase, 'Don't let a good crisis go to waste.' I hate to say that, but you can take incidents like this and quantify it.'
Steinhauer and others believe the attack on UNFI was likely ransomware. Typically, that means a hacker has been able to access and lock up key systems, promising to free them only after the target pays a ransom.
'It does have all the telltale signs of a ransomware attack because the apparent effects are so widespread,' said Adam Marrè, the chief information security officer at the Minnesota-based cybersecurity firm Arctic Wolf.
But the company has released few details. UNFI on Wednesday declined to answer questions about the nature of the attack 'as the investigation is ongoing.'
'We've made significant progress toward safely restoring our electronic ordering systems,' the company said in a statement.
UNFI distribution centers are again taking orders and making deliveries as of Sunday.
Beyond the threat of Americans being unable to access food, attacks like these are also devastating to the company. Every moment of downtime in the logistics business is financially costly. Guggenheim analysts took down their quarterly sales estimate for UNFI by $250 million, a projected 3% hit to the wholesaler's top line. UBS analyst Mark Carden wrote the impact could last much longer.
'We do see some risk to customer retention,' Carden wrote. 'We expect disruption to UNFI's (revenue) to persist over the next few quarters.'
It's that kind of damage that makes grocery distributors and other key links in the supply chain such attractive victims for hackers.
'Ransomware actors target industries more likely to pay than not pay,' Marrè said. 'It appears they chose not to pay the ransom, which we recommend and so does law enforcement, but we also understand the business and life-saving realities surrounding that decision.'
The UNFI attack follows other critical infrastructure hacks like the Colonial Pipeline in 2021. Any other companies those spooked should take precautions and practice response plans, Marrè said.
'Prevention is great,' he said. 'But at the end of the day, the ability to detect and respond to an incident is a must. There needs to be backup plans and alternates in your supply chain.'
Esslinger said a number of factors might have contributed to the UNFI cyberattack and resulting shutdown, which stalled deliveries and, in some warehouses, saw employees taking orders on pen and paper.
'It's some lack of foresight or planning,' he said. 'The other train of thought is they recently laid off a number of people and outsourced some roles. Did that open the door?'
'UNFI regularly evaluates and adopts new tools and technologies as appropriate to strengthen our information security program to address evolving threats,' the company said in a statement, 'and we are continually taking steps to further enhance the security of our systems.'
Copyright (C) 2025, Tribune Content Agency, LLC. Portions copyrighted by the respective providers.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
24 minutes ago
Sig Sauer, faced with lawsuits over a popular pistol, gets protection in New Hampshire
CONCORD, N.H. -- Faced with mounting lawsuits over a popular pistol, New Hampshire-based Sig Sauer asked for — and got — protection in the form of a new state law that makes it harder to take the gunmaker to court. Supporters in the Republican-led Legislature said the law was needed to help a major employer. The lawsuits say Sig Sauer's P320 pistol can go off without the trigger being pulled, an allegation the company denies. The law covers all gun manufacturers and federal firearm licensees in product liability claims regarding the 'absence or presence' of four specific safety features. One of those features is an external mechanical safety that people suing Sig Sauer say should be standard on the P320, based on its design. Claims can still be filed over manufacturing defects. Those who have sued Sig Sauer in New Hampshire and elsewhere include police, federal law enforcement officers, and other experienced gun users from multiple states who say they were wounded by the gun. The manufacturer has prevailed in some cases. It is appealing two recent multimillion-dollar verdicts against it, in Pennsylvania and Georgia. George Abrahams a U.S. Army veteran and painting contractor in Philadelphia who won his case, said he had holstered his P320, put it in the pocket of his athletic pants and zipped it up before going downstairs. "All I did was come down the stairway and there was a loud explosion, and then the excruciating pain and bleeding,' he told The Associated Press in 2022. He said the bullet tore through his right thigh. The company, which employs over 2,000 people in a state with permissive gun laws, says the P320 has internal safety mechanisms and 'has undergone the most rigorous testing and evaluation of any firearm, by military and law enforcement agencies around the world." It says the problem is user error or incompatible holsters, not the design. 'Do you want people to be able to sue car manufacturers because they sell cars that don't have air conditioning?' state Rep. Terry Roy, a Republican from Deerfield, told the House during debate in May. Opponents criticized the bill as a special exemption in liability law that has never been granted to any other New Hampshire company. 'I think there is a difference between helping out a large employer and creating an exemption that actually hurts people and doesn't give them their day in court,' state Rep. David Meuse, a Democrat from Portsmouth, said in an interview. His district covers Newington, where Sig Sauer is headquartered. A 2005 federal law gives the gun industry broad legal immunity. New Hampshire was already among 32 states that have adopted gun immunity laws in some form, according to the Giffords Law Center to Prevent Gun Violence. Some states also have repealed gun industry immunity statutes or weakened them. A Sig Sauer executive asked New Hampshire lawmakers for help in April, two weeks after a Pennsylvania-based law firm filed its most recent lawsuit in federal court in Concord on March 26 over the design of the P320. The firm represents over 100 people who have filed such lawsuits, including more than 70 in New Hampshire. 'We're fighting all these court cases out of town and every single court case we have to fight takes away money from Granite State residents and workers that we can employ and technology,' testified Bobby Cox, vice president of governmental affairs for the company. The measure took effect once Republican Gov. Kelly Ayotte signed it on May 23. Legislators said it doesn't apply to the current lawsuits. However, lawyers for Sig Sauer mentioned it as part of their argument to dismiss the March case or break up and transfer the claims of 22 plaintiffs to court districts where they live. A hearing on the matter is set for July 21. Ayotte's office did not respond to an AP request seeking comment, but it told The Keene Sentinel that she's 'proud to protect New Hampshire companies that create thousands of good-paying jobs from frivolous lawsuits.' 'Out-of-state trial lawyers looking to make money will not find a venue in New Hampshire,' Ayotte's office said in an emailed statement to the newspaper. Robert Zimmerman, the plaintiffs' lead attorney in Pennsylvania, said the goal of the lawsuits is to get the weapon's design changed so that it's safe for the people who use it. New Hampshire was the chosen location because federal rules allow lawsuits against a company in its home state, Zimmerman said. Those lawsuits have been assigned to one federal judge in Concord. 'Sig is trying to strategically decentralize this case and make every client go to 100 different courthouses and slow down the process for both sides to get a just outcome, which is a trial that is decided on the merits,' Zimmerman said in an interview. The lawsuits accuse Sig Sauer of defective product design and marketing and negligence. During the House debate, Roy said he owns a P320 and it's one of his favorite guns, 'but you can buy them with or without safeties.' The plaintiffs say 'the vast majority' of P320 models sold don't come with the safety, 'even as an option.' Sig Sauer says some users prefer the faster draw time granted by the absence of an external safety; others want the feature for added security. Sig Sauer offered a 'voluntary upgrade' in 2017 to include an alternate design that reduces the weight of the trigger, among other features. The plaintiffs' lawyers say the upgrade did not stop unintentional discharges. 'It's not a great look' when a manufacturer can carve out a statutory exemption for itself, but it's also not unusual, said Daniel Pi, an assistant professor at the University of New Hampshire Franklin Pierce School of Law. In Tennessee, Gov. Bill Lee signed a bill in 2023 following a deadly school shooting that gives gun and ammunition dealers, manufacturers and sellers additional protections against lawsuits. This year, Tennessee lawmakers passed another bill to further limit liability for gun companies. In a different industry — pesticides — governors in North Dakota and Georgia signed laws this year providing legal protections to Bayer, the maker of Roundup, a popular weed killer. Bayer has been hit with 181,000 claims alleging that the key ingredient in Roundup causes non-Hodgkin lymphoma. Bayer disputes those claims. The Louisiana Legislature passed a bill that would protect nursing homes from most lawsuits and cap damages. Republican Gov. Jeff Landry hasn't acted on it yet.
Business Upturn
25 minutes ago
- Business Upturn
GMM Pfaudler shares surge over 2% after German subsidiary secures Rs 330 crore contract from European client
By Aditya Bhagchandani Published on June 20, 2025, 09:23 IST GMM Pfaudler shares surged over 2% today after its wholly owned German subsidiary, Pfaudler Normag Systems GmbH, has signed a significant contract worth €33.2 million (approximately ₹330 crore) with a European-based customer. The deal involves the design, engineering, and supply of comprehensive acid recovery equipment and systems. As of 9:22 am the shares were trading at Rs 1,185 on NSE According to the exchange filing, the contract spans four years and includes a 30% upfront payment upon signing. The client, whose identity remains undisclosed due to confidentiality agreements, is a European manufacturer of light and medium weapons, ammunition, and tools catering to both defence and civilian sectors. GMM Pfaudler stated the project is expected to contribute meaningfully to the company's revenue over the execution period. Financial backdrop The announcement comes shortly after GMM Pfaudler reported a consolidated net loss of ₹27 crore in Q4 FY25, compared to a net profit of ₹27.6 crore in Q4 FY24. This figure excludes one-time closure costs of ₹47.7 crore related to severance, inventory write-offs, asset impairments, and other exceptional expenses. Despite the loss, revenue from operations rose 8.9% YoY to ₹806.6 crore. However, EBITDA declined 57.5% to ₹83.3 crore, and margins contracted to 10.3% from 12.1% in the same period last year. Ahmedabad Plane Crash Aditya Bhagchandani serves as the Senior Editor and Writer at Business Upturn, where he leads coverage across the Business, Finance, Corporate, and Stock Market segments. With a keen eye for detail and a commitment to journalistic integrity, he not only contributes insightful articles but also oversees editorial direction for the reporting team.
Business Upturn
25 minutes ago
- Business Upturn
Sun TV shares fall nearly 4% as legal battle erupts between Maran brothers over ownership structure
By Aditya Bhagchandani Published on June 20, 2025, 09:26 IST Shares of Sun TV Network Ltd declined nearly 4% on Friday, June 20, following reports of a legal tussle between the company's promoters—brothers Dayanidhi Maran and Kalanithi Maran. The drop in investor sentiment comes after Dayanidhi Maran, former Union Minister and DMK MP, sent a legal notice to his elder brother Kalanithi Maran, who is the chairman of the Chennai-based media conglomerate. According to the legal notice dated June 10, 2025, Dayanidhi has alleged 'fraudulent practices' by Kalanithi, including 'cheating and money laundering.' The notice also demands the restoration of Sun TV's shareholding to the original structure established in 2003, referencing the family legacy of their father, the late SN Maran (Murasoli Maran), and their mother MK Dayalu, wife of former Tamil Nadu Chief Minister M Karunanidhi. The notice has also been served to seven other individuals, including Kalanithi's wife, Kaveri Maran. Legal firm K Suresh of Law Dharma, based in Santhome, Chennai, has issued the notice. The stock's sharp decline reflects investor concerns around potential management instability and reputational risks stemming from the public family feud. Ahmedabad Plane Crash Aditya Bhagchandani serves as the Senior Editor and Writer at Business Upturn, where he leads coverage across the Business, Finance, Corporate, and Stock Market segments. With a keen eye for detail and a commitment to journalistic integrity, he not only contributes insightful articles but also oversees editorial direction for the reporting team.
