In a significant cybersecurity breach disclosed on July 2, 2025, Ahold Delhaize USA Services, LLC, a major player in the grocery retail sector, revealed that a ransomware attack last November compromised the sensitive personal and protected health data of over 2.2 million individuals connected to its U.S. operations. This incident, which unfolded between November 5 and 6, 2024, has raised serious concerns about data security among consumers, employees, and related stakeholders across multiple states.
The multinational food retailer, which operates more than 9,400 stores worldwide and supplies well-known brands such as Food Lion, Giant Food, Hannaford, and Stop & Shop in the U.S., first detected the cybersecurity issue on November 8, 2024. Upon discovery, Ahold Delhaize took immediate action by taking affected systems offline, engaging external cybersecurity experts, and launching a comprehensive investigation to assess and contain the breach.
Despite these efforts, the breach resulted in unauthorized access to internal U.S. business systems, with an external party obtaining files from one of the company’s internal file repositories. According to regulatory filings, including one with the Maine Attorney General, the data breach exposed the personal information of 2,242,521 people. The compromised data included a wide range of sensitive details such as full names, postal and email addresses, telephone numbers, dates of birth, government-issued identification numbers (including Social Security numbers, passports, and driver’s licenses), financial account information like bank account numbers, health information including workers’ compensation and medical records contained in employment files, and various employment-related documents.
While the breach's scope is vast, affecting current and former employees and their family members, Ahold Delhaize's internal review suggests that customer information was not involved in the compromise. However, the impact on employees and associated individuals is significant, as the stolen data could facilitate identity theft, financial fraud, and other malicious activities.
The cyberattack also disrupted operations in some stores, leading to difficulties in fulfilling orders and sparking a wave of complaints on social media platforms. Downstream food chains and pharmacies linked to Ahold Delhaize were not spared from the operational fallout, underscoring the broader repercussions of the breach beyond data theft.
Experts have weighed in on the severity of the incident. Erich Kron, a Security Awareness Advocate at KnowBe4, emphasized the threat posed by the stolen information, stating, "The information stolen poses a significant threat to the victims, as the information is more than enough to steal identities and be used in future social engineering attacks. The fact that it impacts 2.2 million people is an issue as well. Victims need to keep an eye on their credit reports and look out for new lines of credit opened in their name, or better yet, lock the credit reports."
Adding to the gravity of the situation, the INC ransomware group has claimed responsibility for the attack. This group, active since mid-2023 and believed to be Russian and potentially state-sanctioned, reportedly stole 6 terabytes of data from Ahold Delhaize. The INC group, known for targeting healthcare, education, and government institutions through email-based phishing and custom exploit kits, has previously been linked to high-profile attacks such as those on Alder Hey Children’s Hospital in Liverpool and the Scottish health board in 2024.
Despite the INC group’s claims, Ahold Delhaize has not confirmed whether a ransom was paid or disclosed the exact methods used to breach its systems. The company has, however, committed to enhancing its cybersecurity measures to prevent future incidents, stating, "We take this issue extremely seriously and will continue to take actions to further protect our systems."
In response to the breach, Ahold Delhaize has begun notifying affected individuals, including those in California, Maine, and Montana, as required by law. The company is offering two years of free credit monitoring and identity protection services to those impacted, encouraging vigilance against suspicious activity and prompt reporting to relevant authorities.
Legal avenues are also opening up for victims. On July 2, 2025, Levi & Korsinsky, LLP, a nationally recognized consumer advocacy law firm with over 70 attorneys, announced an investigation into the breach. The firm is exploring whether affected individuals are entitled to compensation, emphasizing that there is no cost or obligation to participate. Known for securing hundreds of millions of dollars against large corporations, Levi & Korsinsky operates on a 100% contingency basis, meaning they only get paid if their clients do.
The firm’s announcement highlighted the seriousness of the breach, noting that companies failing to secure personal data may be held liable for resulting harm. Individuals who received notification letters from Ahold Delhaize USA Services are encouraged to seek information about potential compensation through the law firm.
This incident serves as a stark reminder of the vulnerabilities faced by large corporations in protecting sensitive data amid increasingly sophisticated cyber threats. With millions affected and the potential for long-term damage, the Ahold Delhaize breach underscores the urgent need for robust cybersecurity defenses and swift, transparent responses when incidents occur.
As investigations continue and affected individuals navigate the fallout, the broader retail industry watches closely. The stakes have never been higher when it comes to safeguarding personal and health information in an interconnected digital world.
