Ahold Delhaize data breach affected over 2.2 Million individuals
June 30, 2025
A ransomware attack on grocery giant Ahold Delhaize led to a data breach that affected more than 2.2 million people.
A ransomware attack on Dutch grocery giant Ahold Delhaize has led to a data breach affecting over 2.2 million people.
Ahold Delhaize is a Dutch-Belgian multinational retail and wholesale holding company. Its name comes from the 2016 merger of two companies: Ahold (Dutch) and Delhaize Group (Belgian), which both have origins in the 1800s. Its business format includes supermarkets, convenience stores, hypermarkets, online grocery, online non-food, drugstores, and liquor stores. Its 16 local brands employ 402,000 people at 7,716 stores across nine countries.
The holding company operates several supermarkets and ecommerce sites in the US, including Food Lion, Giant Food, Hannaford, Stop & Shop, and The Giant Company.
The US branch of the company detected a cybersecurity issue on November 8, 2024, the incident impacted the network infrastructure in the U.S. Once detected the problem, the security teams began an investigation with the help of external cybersecurity experts. The company also notified law enforcement. Ahold Delhaize USA confirmed that all its brand stores remain open and continue serving customers.
The incident disrupted operations at several U.S. subsidiaries, including Giant Food, Hannaford, Food Lion, The Giant Company, and Stop & Shop, exposing personal information.
The company launched an investigation with the help of external cybersecurity experts and coordinated with U.S. federal law enforcement to contain the incident. The investigation revealed that an unauthorized third party accessed and obtained certain files from an internal file repository between November 5 and 6, 2024. As the review progressed, Ahold Delhaize USA discovered that some of the compromised files may have included internal employment records containing personal information related to individuals connected to its U.S. companies.
“Given the nature of the file repository, the files that may have been affected contained different types of personal information such as name, contact information (for example, postal and email address and telephone number), date of birth, government-issued identification numbers (for example, Social Security, passport and driver’s license numbers), financial account information (for example, bank account number), health information (for example, workers’ compensation information and medical information contained in employment records), and employment-related information.” reads the data breach notification letter shared with the Maine Attorney General’s Office “The types of impacted information vary by affected individual.”
Ahold Delhaize determined that the data breach impacted 2,242,521 individuals and is notifying them.
The company offers affected individuals two years of free credit monitoring and identity protection.
In April 2025, the Inc Ransom group claimed responsibility for the Ahold Delhaize cyberattack. The company confirmed that internal data was likely stolen.
The gang posted about 800 GB of the alleged 6 TB of stolen data on their leak site, suggesting no ransom was paid.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Ahold Delhaize)
