Ahold Delhaize, a major player in the global food retail sector, has reported a significant data breach affecting over 2.2 million individuals as a result of a ransomware attack on its U.S. operations last November. The company operates a wide network of stores, employing about 393,000 people and serving roughly 60 million customers each week across various brands, including Food Lion and Stop & Shop.
In an official statement, Ahold Delhaize confirmed that the breach occurred on November 6, 2024, when cybercriminals accessed sensitive internal business systems. While the company did not disclose the identity of the cybercrime group behind the attack, it acknowledged that the ransomware group INC Ransom had listed their organization on its dark web portal, threatening to leak stolen documents. The extent of the information compromised includes personal, financial, employment, and health-related records.
The affected data may contain critical personal details such as names, addresses, dates of birth, and government-issued identification numbers, as well as financial and medical information tied to employment records. The storm of concern surrounding this breach raises questions about the protection of consumer and employee data in the digital age, emphasizing the risks faced by organizations in today’s cybersecurity landscape. For further insights, Ahold Delhaize’s official statement can be found here.
The company is actively working to address the incident and has communicated with those whose personal information may have been compromised. In light of the breach, stakeholders are hoping to see enhanced cybersecurity measures implemented to prevent future occurrences. According to a filing with the Maine Attorney General, the company disclosed specific details of the data stolen and its implications for individual security. The full report can be accessed here.
Cybersecurity experts warn that incidents like this highlight the growing threat posed by ransomware groups targeting major corporations. With many organizations, including healthcare and government institutions, suffering from similar breaches, there is an increased need for robust cybersecurity protocols and public awareness. The activities of INC Ransom, a ransomware-as-a-service entity, spotlight the urgency for businesses to prioritize their cybersecurity defenses.