More than 2.2 million individuals, including over 95,000 residents of Maine, have been impacted by a cybersecurity breach linked to Hannaford Supermarkets. The breach occurred in November 2024, but its full extent was only disclosed recently by Ahold Delhaize USA, the parent company of Hannaford.
The company confirmed that hackers gained unauthorized access to personal and financial data stored in the retailer’s IT systems. The breach affected both customers and employees.
Exposed Data Includes Financial, Health, and Identity Information
In a notice issued on June 20, Ahold Delhaize revealed that attackers were able to access a wide range of personally identifiable information. Although the specific data points varied by individual, the compromised information includes:
- Full names
- Home and email addresses
- Social Security numbers
- Driver’s license numbers
- Bank account details
- Worker’s compensation and medical data
“The types of impacted information vary by affected individual,” the company stated in its notification.
The breach adds Hannaford to a growing list of organizations in the state of Maine that have experienced data compromise in 2025, including Covenant Health, Central Maine Healthcare, and a school software vendor breach in January.
Delayed Public Disclosure Raises Concerns
Initial statements about the incident surfaced shortly after the breach in late 2024. However, it wasn’t until the company’s official communication in June 2025 that full details were made public. This delay has raised concerns among data privacy advocates and affected consumers alike.
To support impacted individuals, Ahold Delhaize is offering credit monitoring and identity protection services. Customers have also been advised to remain vigilant by reviewing bank account statements and credit reports regularly.
E-Commerce Retailers Increasingly Targeted
Hannaford, like many modern retailers, uses digital infrastructure to manage inventory, staffing, customer engagement, and e-commerce transactions. According to the Identity Theft Resource Center, grocery chains are becoming frequent targets of cyberattacks due to the high volume of personal and financial data they process.
The breach also comes amid a notable uptick in reported cybercrime across Maine. According to the FBI’s Internet Crime Report, the state logged over 2,100 complaints in 2024—a 30% increase from the prior year. While Maine ranks 46th in total cybercrime complaints by state, the growth trend is significant.
A Reminder of the Importance of Immutable Data Protection
Retailers and supply chain operators remain attractive targets due to their heavy reliance on data-driven operations. Attacks like the one on Hannaford underline the need for enterprises to implement resilient data protection solutions that defend against both ransomware and data theft.
Ensuring the integrity and recoverability of critical systems can make the difference between a disruptive incident and a catastrophic one.
Looking for a trusted recovery solution?
Defend your organization with [StoneFly DR365]—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
