Ahold Delhaize Data Breach Affects Over 2.2 Million Individuals

On November 8, 2024, Dutch grocery giant Ahold Delhaize detected a cybersecurity issue in its network infrastructure in the United States. This incident marked the beginning of a data breach that would go on to affect over 2.2 million people worldwide.

A Brief History of Ahold Delhaize

Ahold Delhaize is a multinational retail and wholesale holding company with Dutch and Belgian roots, dating back to the 1800s. The company was formed in 2016 through the merger of two companies: Ahold (Dutch) and Delhaize Group (Belgian). Today, its diverse business format includes supermarkets, convenience stores, hypermarkets, online grocery, online non-food, drugstores, and liquor stores.

The Ransomware Attack

The incident began when the company's US branch detected a cybersecurity issue on November 8, 2024. Security teams immediately launched an investigation with the help of external cybersecurity experts to determine the source of the breach. The company also notified law enforcement, ensuring that all necessary steps were taken to contain and investigate the incident.

The investigation revealed that an unauthorized third party had accessed and obtained certain files from an internal file repository between November 5 and 6, 2024. Unfortunately, this led to a data breach that exposed personal information of over 2.2 million individuals connected to Ahold Delhaize's US companies.

Compromised Personal Information

The compromised files may have included internal employment records containing sensitive personal information, including:

  • Personal details: name, contact information (postal and email address, telephone number)
  • Government-issued identification numbers (Social Security, passport, driver's license numbers)
  • Financial account information (bank account number)
  • Health information (workers' compensation, medical information in employment records)
  • Employment-related information

The types of impacted information varied by individual, making it essential for the company to notify each affected person and provide them with support.

Ahold Delhaize's Response

The company took swift action, launching an investigation with external cybersecurity experts and coordinating with US federal law enforcement to contain the incident. Ahold Delhaize USA confirmed that all brand stores remain open and continue serving customers, despite the disruption caused by the breach.

As part of their response, the company offered affected individuals two years of free credit monitoring and identity protection. They notified over 2.2 million people, taking responsibility for containing the incident.

The Ransomware Group's Claim

In April 2025, the Inc Ransom group claimed responsibility for the Ahold Delhaize cyberattack. The company confirmed that internal data was likely stolen by the attackers. Additionally, over 800 GB of the alleged 6 TB of stolen data were posted on their leak site, suggesting no ransom was paid.

Conclusion

Ahold Delhaize's data breach serves as a reminder of the importance of robust cybersecurity measures in protecting sensitive information. The company's swift response and notification to affected individuals demonstrate their commitment to transparency and customer support.

Follow me on Twitter: @securityaffairs, Facebook, and Mastodon for more updates and analysis on this incident and other cybersecurity news.