- Still no confirmation if the data breach affected customers
- Data stolen varies from person to person but generally includes sensitive PII
- INC Ransom assumed responsibility for the attack
When cybercriminals struck Ahold Delhaize in November 2024, they stole sensitive data on more than 2.2 million people, the company has revealed.
The food retail behemoth confirmed the news in a new form, recently filed with the Maine Attorney General’s Office, which did not specify if, among the stolen documents, was information belonging to its customers.
However, it did say they may have included internal employment records for both current and former employees. The combination of stolen data varies from person to person, but generally, it includes full names, postal addresses, email addresses, phone numbers, dates of birth, government-issued ID numbers, bank account numbers, health information, and other employment-related information.
Customer concerns
Ahold Delhaize confirmed suffering a cyberattack which forced it to shut down parts of its IT infrastructure.
As a result, some of its grocery stores and pharmacies, mainly those in the United States, could not service their customers properly. The company operates a variety of supermarket, convenience store, and online grocery brands across Europe and the United States, including brands like Food Lion, Stop & Shop, and Giant.
It operates some 7,910 stores across Europe, the United States, and Indonesia, and serves around 72 million customers weekly. In late April 2025, it confirmed the attackers stole sensitive files, and said it was investigating the matter.
The company never announced the name of the attackers, but a group calling itself INC Ransom added Ahold Delhaize to its dark web extortion page in April 2025
At that time, it leaked a sample of documents, confirming the authenticity of the breach and suggesting that the negotiations about a ransom payment were under way.
Besides announcing the theft, the company also said it would be offering 24 months of free credit monitoring and identity theft protection services to affected individuals through Experian, which includes $1 million in identity theft insurance coverage.
Via BleepingComputer
