Cyberattack empties shelves at Park City Whole Foods

Empty shelves at the Park City Whole Foods on June 18, 2025, reflect ongoing supply chain disruptions following a cyberattack on United Natural Foods Inc. (UNFI), the grocer’s primary distributor. Photo: Rebecca Brenner

PARK CITY, Utah (AP) — Shoppers at the Whole Foods Market in Park City are encountering empty shelves this week as the effects of a June 5 cyberattack on United Natural Foods Inc. (UNFI), the grocer’s primary distributor, continue to disrupt deliveries across North America.

UNFI, which supplies Whole Foods and other major grocery retailers, confirmed in a securities filing that it had taken portions of its systems offline after detecting unauthorized activity. The disruption has limited the company’s ability to fulfill and distribute customer orders, leading to leaner product availability at stores like the one in Park City, where locals and tourists alike rely on consistent grocery access.

Similar Reads On TownLift

View this post on Instagram

A post shared by TownLift (@townliftnews)

A Whole Foods spokesperson told the Associated Press that the company is “working to restock shelves as soon as possible.” As of this week, several sections of the Park City store — including fresh produce, packaged goods, and specialty items — appeared noticeably understocked.

In a June 15 statement shared with media, UNFI said it is “receiving orders and delivering products” while making “significant progress toward safely restoring [its] electronic ordering systems.” The company added that it is also using “alternative processes” to ensure stores receive needed products while technology systems are repaired.

UNFI’s partnership with Whole Foods, which is owned by Amazon, runs through May 2032. The company emphasized that customers, suppliers, and associates remain its “highest priority.”

The Park City shortages reflect a broader trend of growing cyber threats against consumer-facing companies. As reported by the Associated Press, ransomware attacks — in which hackers demand payment to restore systems — are becoming increasingly common. Experts say attackers are deliberately targeting critical supply chains and recognizable retail brands to maximize disruption.

“Cyber criminals are moving a little quicker than we are in terms of securing our systems,” Cliff Steinhauer, director at the National Cybersecurity Alliance, told the AP. He noted that attacks like this one put pressure on companies not just to restore operations but also to maintain public trust.

Recent cyber incidents have similarly affected U.K. retailers like Marks & Spencer and Co-op, where, according to the AP, stores in rural areas were left with few essentials following attacks. “People were literally going without the basics,” said Ade Clewlow, an adviser at cybersecurity firm NCC Group.

While UNFI has not indicated whether any customer data was compromised, cybersecurity experts continue to advise consumers to take precautions, including enabling multifactor authentication, avoiding reused passwords, and remaining alert to potential phishing scams.

For now, Park City shoppers may continue to see gaps on grocery shelves as UNFI works to restore full operational capacity. The incident offers a stark reminder that cybersecurity failures can have real-world consequences — even in the produce aisle.

Whole Foods staff in Park City were unavailable for comments.