Ahold Delhaize, one of the world’s largest food retailers, has confirmed that a cyber-attack on its US operations exposed the personal data of over 2.2 million individuals. The breach, which occurred in November 2024, has been linked to a ransomware incident targeting the company’s internal business systems.
Details of the breach were revealed last week in a filing with Maine’s Attorney General. The stolen data primarily consists of internal employment records for current and former Ahold Delhaize USA employees.
The company said that while not all individuals had the same data exposed, information accessed may include:
-
Names and contact details
-
Dates of birth
-
Government-issued identification numbers
-
Bank account information
-
Health and workers’ compensation data
-
Employment-related records
While Ahold Delhaize has not confirmed whether customer data was included, it emphasized that the breach appears to involve only employment-related information. In Maine alone, 95,463 individuals were affected, triggering mandatory state-level notifications.
“To date, this is one of the most significant data breaches following a ransomware attack, particularly within the food and beverage sector,” said Rebecca Moody, head of data research at Comparitech.
“The average number of records breached in a ransomware attack on a food and beverage company was 53,200. This highlights the severity of this breach as well as the new focus on data theft.”
The company, which owns brands such as Food Lion, Stop & Shop, Giant Food and Hannaford in the US, said it launched an investigation and secured its systems shortly after detecting the attack on November 6. At the time, some stores reported service disruptions, including delays in pharmacy and delivery operations.
Ahold Delhaize said that based on its review, there is no evidence that customer credit card or pharmacy data was compromised. However, as a precaution, it is offering affected individuals in the US two years of free credit monitoring and identity protection through Experian.
Although Ahold Delhaize has not officially named the attacker, the ransomware group INC Ransom added the company to its extortion site in April and published documents allegedly taken during the breach.
“The INC ransomware group may not be the most well-known but has been involved in some other noteworthy attacks in the past,” said Erich Kron, security awareness advocate at KnowBe4.
“The information stolen poses a significant threat to the victims.”
Kron advised victims to monitor their credit reports and “lock the credit reports” where possible.
“Organizations should reflect on attacks such as this, and ensure that they are doing everything they can to avoid ransomware attacks,” he added.
In response to the breach, Ahold Delhaize stated that it engaged external cybersecurity experts and took immediate action to contain the threat. It continues to monitor its systems and has committed to strengthening its data protection protocols.
“The scariest thing in my mind is that we have now arrived at a very common kinetic effect […] because of cyber-threats,” said Lawrence Pingree, VP at Dispersive.
“These types of data systems need strong multi-factor authentication, stealth networks and […] segmentation of users.”
The Dutch-Belgian retail conglomerate operates over 9400 stores globally, serves more than 60 million customers each week, and reported $104bn in annual sales last year.
Image credit: John M. Chase / Shutterstock.com