Ahold Delhaize USA breach exposes data from 2 million people
More information is becoming available on a November 2024 cyberattack that affected Ahold Delhaize USA.
In a brief statement issued April 17, 2025, Ahold Delhaize USA said that based on its investigation of a cybersecurity issue that took place in its U.S. network in November 2024, “certain files” were taken from some internal U.S. business systems.
[READ MORE: Ahold Delhaize USA confirms data theft in breach]
Now, the U.S. subsidiary of the Netherlands-based Ahold Delhaize grocery conglomerate is notifying 2.24 million people that a data breach which occurred Nov. 5, 2024 and was discovered Nov. 6, 2024 exposed some of their personal information.
“The issue affected certain internal U.S. business systems, including one of our internal file repositories,” Ahold Delhaize USA said on its site. “We have no indication that customer payment or pharmacy systems were compromised in connection with the issue.”
According to a note from U.K. security software company Comparitech, personal data which was compromised includes names, Social Security numbers, financial account information including bank account numbers, health information including worker’s compensation, employment-related information, government-issued ID numbers such as passports and driver’s licenses, postal addresses, email addresses, phone numbers and dates of birth.
Comparitech says this was the eighth-largest breach on a U.S. company via ransomware in 2024 and the 11th-largest worldwide, as well as the largest ever in the food and beverage industry.
The cybersecurity firm also reports that a global ransomware group known as Inc. announced on the dark web that it will soon start selling six terabytes of Ahold Delhaize data. Inc.’s claim of stealing the data has not been verified and it is not known if the grocer paid any type of ransom or exactly how its network was compromised.
Mitigation efforts at the time of the breach included taking some systems offline, which affected pharmacies and e-commerce operations of some Ahold Delhaize USA brands, although stores all remained open.
"In most cases, attacks on this sector have focused on system encryption, as this is often where the most disruption is caused,” Rebecca Moody, head of data research at Comparitech, said in emailed commentary to Chain Store Age. “This highlights the severity of this breach as well as the new focus on data theft (as well as system encryption) for the majority of ransomware gangs. It is likely that we'll see larger data breaches within the food and beverage industry going forward."
In its initial April 2025 announcement of the cyberattack, the grocer said it had begun an investigation with the assistance of external cybersecurity experts, as well as notified law enforcement.
Netherlands-based Ahold Delhaize operates more than 2,000 stores in 23 U.S. states across banners including Food Lion, Giant Food, The Giant Company, Hannaford and Stop & Shop.
