Dutch grocery giant Ahold Delhaize revealed last week that the ransomware attack targeting its systems last year resulted in a data breach impacting more than 2.2 million individuals.
The cybersecurity incident came to light in November 2024, when several US pharmacies and supermarket chains owned by Ahold Delhaize reported suffering network issues. The incident impacted Giant Food pharmacies and Hannaford supermarkets, as well as Food Lion, The Giant Company, and Stop & Shop.
The Inc Ransom ransomware group took credit for the attack on Ahold Delhaize in mid-April 2025, and the company confirmed shortly after that the hackers likely exfiltrated data from some of its internal business systems.
Ahold Delhaize has since determined that personal information has been compromised and impacted individuals are now being notified.
The stolen files stored internal employment records pertaining to current and former Ahold Delhaize USA companies.
The organization told the Maine Attorney General’s Office that 2,242,521 people are affected.
The compromised information varies from individual to individual, but can include name, contact information, date of birth, Social Security number, passport number, driver’s license number, financial account information, health information, and employment-related details.
Affected individuals are being offered two years of free credit monitoring and identity protection services.
On their Tor-based leak website, the cybercriminals have made available roughly 800 Gb of data allegedly stolen from Ahold Delhaize, which indicates that the company has not paid a ransom. Inc Ransom claimed to have stolen 6 Tb of files from the company.
The retail industry, particularly supermarkets, have been increasingly targeted in cyberattacks in recent months.
UK retailers Co-op, Harrods, and M&S were targeted in April by cybercriminals believed to be associated with the Scattered Spider group.
Earlier this month, United Natural Foods (UNFI), the main distributor for Amazon’s Whole Foods and many other grocery stores in North America, was hit by a cyberattack that caused disruptions to business operations and led to grocery shortages.
UNFI said there is no indication that personal or health information has been stolen, and no ransomware group has taken credit for the attack.
Related: Aflac Finds Suspicious Activity on US Network That May Impact Social Security Numbers, Other Data
Related: Steelmaker Nucor Says Hackers Stole Data in Recent Attack
Related: Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People
