Ahold Delhaize, a multinational food retail company with thousands of stores across the United States and Europe, has confirmed a sweeping data breach affecting over 2.2 million individuals.

The breach stemmed from a ransomware attack that began in early November 2024 and disrupted digital services at several of its U.S. supermarket chains, including Food Lion, Hannaford, Stop & Shop, and Giant Food.

INC Ransom, a cybercriminal group, later took credit for the attack, claiming to have exfiltrated over six terabytes of sensitive data.

Leaked information includes names, contact details, Social Security numbers, health records, and employment-related data. Although no customer payment systems were reportedly compromised, the scale and sensitivity of the breach have triggered regulatory disclosures and widespread concern.

Why It Matters: This breach exemplifies the increasing frequency and severity of cyberattacks targeting the retail and supply chain sectors. As ransomware groups exploit weak points in operational and employment systems, the fallout extends far beyond corporate losses, impacting millions of individuals and exposing systemic security flaws in essential industries like food distribution.

• Wide-Ranging Impact: Ahold Delhaize disclosed that 2,242,521 individuals were affected, primarily through the exposure of employment records from current and former staff across its U.S. brands. Personal details included Social Security numbers, passport data, financial account info, and health-related documentation.

• Attack Timeline and Disruption: The attack was discovered on November 6, 2024, though evidence suggests hackers had already begun stealing data a day prior. Online ordering systems and pharmacy operations were disrupted, with some brand websites temporarily taken offline during the incident.

• INC Ransom’s Role: In April 2025, INC Ransom added Ahold Delhaize to its dark web extortion site and released a sample of the stolen files, indicating the company likely refused to pay a ransom. Investigations confirmed that data was indeed exfiltrated from U.S.-based business systems, although the company has not officially verified the group’s involvement.

• Corporate and Regulatory Response: Ahold Delhaize notified the Maine Attorney General’s Office and began issuing breach notification letters to affected individuals. The company is offering two years of free credit monitoring and identity protection services to mitigate the potential long-term impact.

• Broader Cybersecurity Trends: The attack is part of a wider surge in ransomware incidents affecting the retail industry. Other high-profile breaches this year include those targeting United Natural Foods (distributor for Whole Foods) and UK retailers like Harrods and M&S. These incidents point to a growing strategic interest by threat actors in disrupting consumer-facing infrastructure.

Go Deeper -> Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains – The Record

Ahold Delhaize Data Breach Impacts 2.2 Million People – Security Week

Retail giant Ahold Delhaize says data breach affects 2.2 million people. – Bleeping Computer