Ahold Delhaize confirms data theft from U.S. business systems in a November 2024 cyberattack, as ransomware group INC Ransom leaks stolen files on dark web.
Multinational Retailer Ahold Delhaize Confirms U.S. Systems Were Compromised in Data Breach
Ahold Delhaize, the multinational retail and wholesale company, has confirmed a data breach impacting internal U.S. business systems. The confirmation follows claims made by INC Ransom, a known ransomware group, which listed the company on its data leak site and released samples of stolen documents.
“Based on our investigation to date, certain files were taken from some of our internal U.S. business systems,” a spokesperson said in a statement.
The incident originated in November 2024. On November 8, Ahold Delhaize issued a public alert, stating that a cybersecurity incident had forced them to take down some of their IT systems as a precautionary measure.
“This issue and subsequent mitigating actions have affected certain Ahold Delhaize USA brands and services including a number of pharmacies and certain e-commerce operations,” the company said in the initial announcement.
Ongoing Investigation and Response Efforts
Ahold Delhaize is continuing its investigation into the breach. Although the company has not confirmed whether ransomware was involved, it has acknowledged data was taken.
“If we determine that personal data was impacted, we will notify affected individuals as appropriate. In addition, we have notified and updated law enforcement,” the spokesperson added.
As of now, all Ahold Delhaize stores and e-commerce platforms remain operational.
The company has not specified what types of data were accessed. However, samples of documents allegedly stolen have been published by INC Ransom on their extortion site.
Company Profile and Potential Impact
Ahold Delhaize operates nearly 8,000 retail locations across Europe and the United States, under brands including Food Lion, Stop & Shop, Giant Food, and Hannaford. The company employs over 410,000 people and reports annual revenues of around $100 billion.
The breach poses a potential risk to both corporate and customer data, though notifications to individuals will only follow once personal data compromise is confirmed.
INC Ransom’s Continued Targeting of U.S. Organizations
INC Ransom has increasingly targeted U.S.-based organizations in recent months. The group is known for high-profile extortion campaigns and is tracked by Microsoft under the name “Vanilla Tempest.”
Most recently, INC Ransom claimed responsibility for a cyberattack on the State Bar of Texas, warning over 100,000 members about the theft of their sensitive data.
This continued activity highlights the group’s focus on sectors holding large volumes of confidential information—including retail, legal, and healthcare.
