Cyberattacks hit retailers at the worst time
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Maura Losch/Axios
Cyberattacks are the latest crisis for U.S. retailers as they continue to weather tariff uncertainties and labor strife.
Why it matters: Consumers are already feeling the squeeze from high prices and patchy inventory.
- And now, cyberattacks are adding yet another cost driver — both operationally and optically — for businesses trying to stay afloat.
Driving the news: United Natural Foods, a major U.S. grocery supplier, has been battling an apparent cyberattack since June 6.
- The incident led to product shortages at Whole Foods and other grocery stores across the country. In a statement on Sunday, the company said it "made significant progress toward safely restoring our electronic ordering systems," allowing it to start receiving and delivering products to grocery store customers again.
State of play: The breach is the latest in a string of cyber incidents hitting American retailers.
- In recent weeks, Victoria's Secret, North Face, and Cartier were each targeted in separate cyberattacks. Victoria's Secret had to shut down its online store for a full day.
- Google had warned last month that Scattered Spider — a group of teen hackers in the U.S. and U.K. with no clear links to any nation-state — had its sights set on American retailers after a similar spree in the U.K.
- None of the affected retailers have disclosed who may be responsible.
The big picture: Retailers are navigating a perfect storm of economic and logistical headwinds.
- Trade policy uncertainty, particularly around tariffs, is forcing tough choices around pricing and supply chains.
- Meanwhile, labor tensions are escalating. Roughly 60,000 Kroger and Albertsons workers have voted to authorize strikes in multiple cities.
Zoom in: A week into the United Natural Foods incident, some Whole Foods shelves remain bare.
- At a Bay Area Whole Foods on Thursday evening, there were signs on its shelves and refrigerators saying, "We are experiencing a temporary out of stock issue for some products." Paper towels, fresh juice, kombucha, olive oil and rice were among the missing items.
- Whole Foods locations in Minnesota, Arkansas, and North Carolina are facing similar situations, according to news reports.
- Some United Natural Foods forklift drivers had to revert to pen-and-paper systems to prepare shipments, Bloomberg reported.
Threat level: Retailers are increasingly vulnerable to sophisticated and multipronged cyberattacks, from data breaches to extortion schemes to deepfake scams.
- These attacks often combine social engineering, data theft and ransom demands, with some aimed purely at disrupting operations rather than stealing customer data.
- In 2024, the average cost of a data breach in the retail sector was $3.48 million, an 18% increase from the year before, according to IBM.
- That figure covers the costs of the fallout from any cyberattack that resulted in data theft, including system recovery, lost business and customer notification costs.
- Fraud targeting retailers also doubled last year, fueled by the growing use of AI-generated audio deepfakes, according to recent data from Pindrop.
- "Right now the retail sector is under acute pressure from a number of actors who are disrupting operations and extorting businesses," John Hultquist, chief analyst at Google Threat Intelligence Group, tells Axios.
- "If they haven't already, retailers should be taking a hard look at their defenses, especially against social engineering attacks," he adds.
What to watch: It remains unclear who is behind the latest wave of cyberattacks or what vulnerabilities are exploited.
Go deeper: Walmart plans to source more products from small businesses
