UNFI
Company Details
Linkedin ID:
unfi
Website:
Employees number:
17,121
Number of followers:
140,835
NAICS:
722
Industry Type:
Homepage:
unfi.com
IP Addresses:
0
Company ID:
UNF_2605753
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
UNFI Vendor Cyber Rating & Cyber Score
unfi.comUNFI is North America’s Premier Food Wholesaler. We transform the world of food for our associates, customers, suppliers and the families we serve every day. With deeper full store selection and compelling brands for every aisle, built on an unmatched heritage in great food and fresh thinking. And smarter food solutions, from fulfillment to insights and beyond, that help entrepreneurs and major brands alike unlock their full potential and transform their businesses – for the better. Better Food. Better Future.
UNFI A.I CyberSecurity Scoring
UNFI Risk Score (AI oriented)Between 650 and 699
UNFI
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UNFI Global Score (TPRM)XXXX
UNFI
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UNFI Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
United Natural Foods (UNFI)
Cyber Attack
Rankiteo Explanation
Attack threatening the organization’s existence
Description: A cyber breach disrupted United Natural Foods (UNFI), a key wholesale distributor for major grocers like Whole Foods, halting its ability to process and fulfill orders. The attack, detected on June 5, forced UNFI to take critical systems offline, leading to widespread supply chain disruptions. Retailers reliant on UNFI including Whole Foods faced product shortages, empty shelves, and delayed restocking. The incident strained inventory in remote areas, leaving consumers without essential goods. While UNFI reported 'steady progress' in restoring services mid-June, operational recovery remained gradual.The breach’s scope extended beyond logistics, raising concerns about potential exposure of customer or partner data though no explicit confirmation of stolen data was provided. The attack aligns with a broader trend of cybercriminals targeting high-impact sectors like food distribution, where operational halts create immediate public panic. UNFI’s role as a linchpin in grocery supply chains amplified the ripple effects, affecting both corporate revenue and consumer access to daily necessities. The long-term financial and reputational costs remain undisclosed, but the incident underscores vulnerabilities in critical retail infrastructure.
United Natural Foods (UNFI)
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: United Natural Foods (UNFI), a major North American wholesale distributor supplying grocers like Whole Foods, suffered a cyberattack discovered on June 5, 2024. The incident forced the company to take critical systems offline, disrupting its ability to fulfill and distribute customer orders. The attack triggered supply chain delays, leading to empty shelves at Whole Foods stores, with customers reporting shortages reminiscent of early pandemic disruptions. Forensic experts and law enforcement are investigating, but the company has not confirmed whether data was exfiltrated or if a ransom demand was made. The SEC filing acknowledges temporary operational paralysis, impacting suppliers, retailers, and end consumers. While UNFI prioritizes system restoration, the attack underscores the retail sector’s vulnerability to cyber disruptions, particularly those targeting logistics and inventory management. The financial and reputational fallout includes lost sales, customer dissatisfaction, and potential long-term trust erosion, though no direct data breach of customer or employee information has been publicly confirmed.
UNFI Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UNFI
Incidents vs Food and Beverage Services Industry Average (This Year)
No incidents recorded for UNFI in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UNFI in 2026.
Incident Types UNFI vs Food and Beverage Services Industry Avg (This Year)
No incidents recorded for UNFI in 2026.
Incident History — UNFI (X = Date, Y = Severity)
UNFI cyber incidents detection timeline including parent company and subsidiaries
UNFI Company Subsidiaries
UNFI is North America’s Premier Food Wholesaler. We transform the world of food for our associates, customers, suppliers and the families we serve every day. With deeper full store selection and compelling brands for every aisle, built on an unmatched heritage in great food and fresh thinking. And smarter food solutions, from fulfillment to insights and beyond, that help entrepreneurs and major brands alike unlock their full potential and transform their businesses – for the better. Better Food. Better Future.
Loading...
UNFI Similar Companies
Perfetti Van Melle
Perfetti Van Melle is a privately owned company, producing and distributing candies and chewing gums in more than 150 countries worldwide. Employing over 17.000 people and operating 37 companies throughout the world, Perfetti Van Melle has a true global reach: it is present in the Asia Pacific Reg
We are one of the leading global producers and exporters of quality food, as we believe it is fundamental to a better life for all people. Not only what we do, but the way we do it, is guided by the purpose of a better life for everyone, from farm to fork. That is why we conduct a sustainable mana
Ambev
Hey there! Welcome. Here at Ambev, there are lots of people and amazing projects beyond our labels! Let’s talk about that. We believe that having a big dream requires just the same effort as having a small one. That is why our big dream began back in the 1880s, with a team determined to make thi
Almarai - المراعي
Founded in 1977, Almarai Company is the world’s largest vertically integrated dairy company and the largest food and beverage manufacturing and distribution company in MENA. Headquartered in Riyadh, Almarai Company is ranked as the number one FMCG Brand in the MENA region and the market leader in al
US Foods
US Foods is one of America’s great food companies and a leading foodservice distributor, partnering with approximately 300,000 restaurants and foodservice operators to help their businesses succeed. With 28,000 associates and more than 70 locations, US Foods provides its customers with a broad and
Suntory Holdings Limited
As a global leader in the beverage industry, Suntory Group aims to inspire the brilliance of life, by creating rich experiences for people, in harmony with nature. Sustained by the gifts of nature and water, the Group offers a uniquely diverse portfolio of products, from award-winning Japanese whisk
The HEINEKEN Company
HEINEKEN - the world's most international brewer. It is the leading developer and marketer of premium beer and cider brands. Led by the Heineken® brand, the Group has a portfolio of more than 500 international, regional, local, and speciality beers and ciders. We are committed to innovation, long-te
Here at the DQ® system, we believe that HAPPY TASTES GOOD®. Our first location opened in Joliet, Illinois, 80 years ago. Since then we’ve grown to more than 7,000 DQ® locations in the U.S., Canada and 22 other countries. Our restaurants offer a variety of sweet treats and crave-worthy eats that
The Coca-Cola Company
From our roots at the counter of a local Atlanta pharmacy, to our current portfolio of more than 200 beverages, The Coca-Cola Company is one of the most globally-recognized brands in the world. Today, our lineup features beloved beverage brands, including Coca-Cola, Sprite, Fanta, smartwater, Dasa
.png)
UNFI CyberSecurity News
March 25, 2026 04:55 PM
United Natural Foods investigates cybersecurity breach, stock drops over 9%
United Natural Foods (NYSE:UNFI) reported Monday that it has taken parts of its systems offline after detecting “unauthorized activity,” prompting an...
August 07, 2025 07:00 AM
EXCLUSIVE: Lessons Learned After UNFI's Cyber Incident
Progressive Grocer recently had the opportunity to sit down with United Natural Foods Inc. (UNFI) CEO Sandy Douglas to discuss how the...
July 17, 2025 03:32 PM
UNFI Says Cyberattack Cost is up to $400M in Sales, $50M in EBITDA
UNFI expects a loss of sales from a June cyberattack but remains on track to meet its long-term financial goals ahead of schedule.
July 17, 2025 07:00 AM
United Natural Foods loses up to $400M in sales after cyberattack
The food distributor and wholesaler completely shut down its systems upon discovering the attack last month, yet core systems were restored...
July 17, 2025 07:00 AM
UNFI Revises 2025 Guidance, Maintains Long-Term Growth Focus
United Natural Foods, Inc. UNFI, North America's premier grocery wholesaler, has updated the fiscal 2025 financial outlook while reaffirming...
July 16, 2025 07:00 AM
UNFI expects cyberattack to cost it at least $350 million in sales
The grocery distributor's operations have largely returned to normal, and the company believes the operational impact of the attack will be...
July 16, 2025 07:00 AM
UNFI’s cyberattack loss could be $425M but net sales outlook is increased
United Natural Foods Inc. (UNFI) is almost fully recovered from a June cyberattack that could cost the company up to $425 million in lost...
July 16, 2025 07:00 AM
United Natural Foods Projects Up to $400M Sales Hit From June Cyberattack
United Natural Foods (UNFI) estimates a $350–$400 million sales impact from a June 2025 cyberattack but expects insurance to offset losses.
June 30, 2025 07:00 AM
UNFI expects financial hit from cyberattack as recovery continues
Major North American grocery wholesaler United Natural Foods, Inc., has disclosed that the cyberattack it experienced earlier this month...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UNFI CyberSecurity History Information
Official Website of UNFI
The official website of UNFI is http://www.unfi.com.
UNFI’s AI-Generated Cybersecurity Score
According to Rankiteo, UNFI’s AI-generated cybersecurity score is 658, reflecting their Weak security posture.
How many security badges does UNFI’ have ?
According to Rankiteo, UNFI currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has UNFI been affected by any supply chain cyber incidents ?
According to Rankiteo, UNFI has been affected by a supply chain cyber incident involving UNFI, with the incident ID UNF2855428092925.
Does UNFI have SOC 2 Type 1 certification ?
According to Rankiteo, UNFI is not certified under SOC 2 Type 1.
Does UNFI have SOC 2 Type 2 certification ?
According to Rankiteo, UNFI does not hold a SOC 2 Type 2 certification.
Does UNFI comply with GDPR ?
According to Rankiteo, UNFI is not listed as GDPR compliant.
Does UNFI have PCI DSS certification ?
According to Rankiteo, UNFI does not currently maintain PCI DSS compliance.
Does UNFI comply with HIPAA ?
According to Rankiteo, UNFI is not compliant with HIPAA regulations.
Does UNFI have ISO 27001 certification ?
According to Rankiteo,UNFI is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UNFI
UNFI operates primarily in the Food and Beverage Services industry.
Number of Employees at UNFI
UNFI employs approximately 17,121 people worldwide.
Subsidiaries Owned by UNFI
UNFI presently has no subsidiaries across any sectors.
UNFI’s LinkedIn Followers
UNFI’s official LinkedIn profile has approximately 140,835 followers.
NAICS Classification of UNFI
UNFI is classified under the NAICS code 722, which corresponds to Food Services and Drinking Places.
UNFI’s Presence on Crunchbase
No, UNFI does not have a profile on Crunchbase.
UNFI’s Presence on LinkedIn
Yes, UNFI maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/unfi.
Cybersecurity Incidents Involving UNFI
As of April 04, 2026, Rankiteo reports that UNFI has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
UNFI has an estimated 8,656 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UNFI ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95.
Risk Information
cvss3
Base: 8.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete service outage. This issue has been patched in version 4.5.90.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=unfi' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
