Ahold Delhaize Data Breach Exposes 2.2 Million Users

Summary
– Ahold Delhaize is notifying 2.2 million individuals that their personal, financial, and health data was stolen in a November ransomware attack on its U.S. systems.
– The multinational retailer operates over 9,400 stores globally, employs 393,000 people, and reported $104 billion in net sales last year.
– Stolen data includes names, contact details, government IDs, financial accounts, health records, and employment information from internal U.S. business systems.
– The INC Ransom ransomware group claimed responsibility, leaking samples of stolen documents, though Ahold Delhaize has not confirmed their involvement.
– INC Ransom is a RaaS operation active since 2023, targeting sectors like healthcare and government, with recent focus on U.S. organizations.
More than 2.2 million people are now part of an unfolding data breach tied to Ahold Delhaize, the multinational group behind household names like Food Lion, Hannaford, Stop & Shop in the U.S., and Albert Heijn across Europe. In documents filed with Maine’s Attorney General this month, the company confirmed that attackers infiltrated its U.S. business systems on November 6, 2024.
The stolen files include employment records with names, contact details, and birth dates—sensitive data that could open the door to fraud or identity theft. Customer payment and pharmacy systems, the company insists, were not touched. Ahold Delhaize, which pulls in more than $100 billion in yearly revenue, has yet to publicly attribute the breach to a specific group.
But there’s little doubt who wants credit. In April, the INC Ransom group added Ahold Delhaize to its leak site on the dark web, flaunting samples of what it claims to have stolen. INC Ransom has built a reputation for hitting high-value U.S. targets since mid-2023, from healthcare networks to state agencies.
Who’s Behind the Leak?
The company won’t confirm whether any ransom was demanded or paid. A spokesperson repeated that no payment or pharmacy systems were breached, nor were credit card numbers exposed. Meanwhile, INC Ransom’s track record leaves few illusions about its intentions: the same group recently claimed attacks on the State Bar of Texas and several hospital systems.
Security researchers tracking the gang describe it as part of a trend—more tailored, more patient, and harder to spot until damage is done. They warn that attacks like this show just how porous corporate defenses remain, even for firms with global reach and deep pockets.
As Ahold Delhaize works to contain the fallout, questions hang over what data might surface next and whether more victims are in line for fraud attempts in the months ahead.
(Source: BLEEPING COMPUTER)