CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

Ahold Delhaize Says INC Ransom Attack Impacted 2.2 Million People

By Leave a Comment

Ahold Delhaize USA has confirmed a large-scale data breach affecting more than 2.2 million individuals following a ransomware attack in November 2024.

The INC Ransom group took responsibility earlier, posting samples of stolen data online in a move that now appears to have included extensive personal and employment records.

The breach was officially disclosed to regulators yesterday. According to the filings, the attack occurred on November 5, 2024, and was discovered the following day. The breach was classified as an external system intrusion involving data exfiltration. In total, 2,242,521 individuals were confirmed impacted.

The notice sent to affected individuals reveals that the stolen data originated from internal employment files maintained by Ahold Delhaize USA Services, LLC, a support entity serving several prominent U.S. grocery chains such as Food Lion, Stop & Shop, Giant Food, Hannaford, and others under the ADUSA umbrella. The compromised information includes:

  • Full names
  • Contact details
  • Dates of birth
  • Social Security numbers
  • Driver's license and passport details
  • Bank account information
  • Health-related data from employment records

Ahold Delhaize is one of the world's largest food retail groups, operating nearly 8,000 stores across Europe and the U.S., with over 410,000 employees and annual revenues of approximately $100 billion. In the U.S., the company is a key player in the grocery sector through well-known regional chains. Despite the breach, all retail stores and online operations remained functional during and after the incident, with the company taking precautionary measures, including taking some IT systems offline.

The INC Ransom gang listed Ahold Delhaize on its dark web leak site in April 2025. The post included proof-of-compromise files and extortion threats, typical of the group's modus operandi.

ransomware.live

Upon detecting the breach, Ahold Delhaize collaborated with federal law enforcement and external cybersecurity experts to contain the threat and assess the damage. An extensive review of the stolen data was required to confirm the scope of the breach and to begin individual notifications.

Affected individuals have been offered two years of complimentary credit monitoring and identity protection services via Experian, which include identity restoration support and $1 million in identity theft insurance coverage. The company also advised impacted individuals to remain vigilant, review credit reports, and consider placing fraud alerts or credit freezes.

If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.

LinkedInReddit

More from CyberInsider

About Amar Ćemanović

Amar Ćemanović is an experienced editor and trained engineer with a keen eye for detail and a passion for technology. 
Based in Bosnia, Amar specializes in producing high-quality, engaging content. He holds a Master’s degree in engineering, which helps him maintain a meticulous approach to all editorial work. Amar brings a well-rounded knowledge base, covering everything from tech solutions to privacy tools.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Share to...
BlueskyBufferCopyFlipboardHacker NewsLineLinkedInMastodonMessengerMixNextdoorPinterestPocketPrintRedditSMSTelegramThreadsTumblrVKWhatsAppXingYummly