Food retailer Ahold Delhaize USA has recently confirmed that a cybersecurity incident that occurred on 5 November 2024 exposed the sensitive data of 2.24 million individuals. This update comes after a brief statement issued by the company in April 2025.
The breach, which was an external system compromise, resulted in the unauthorized access to critical customer information including names, Social Security numbers, health details, and financial account information such as bank account numbers. Ahold Delhaize has stated that they are notifying individuals whose personal information was potentially affected in this security breach.
The company disclosed, “We detected a cybersecurity issue involving unauthorized access to some of our internal US business systems on 6 November 2024. We immediately launched an investigation with the help of leading external cybersecurity experts, collaborated with US federal law enforcement agencies, and implemented measures to contain the breach.”
Upon investigation, it was revealed that a third party gained access to certain files from one of the company’s internal US file repositories between 5 and 6 November 2024. Ahold Delhaize has confirmed that some of these files contained internal employment records with personal information belonging to individuals associated with current and former Ahold Delhaize USA companies.
Ahold Delhaize is the parent company of well-known brands such as Food Lion, Giant Food, Hannaford, and Stop & Shop, operating over 2,000 stores across 23 US states. The cybersecurity incident involving the company has been identified as the eighth-largest ransomware breach on a US entity in 2024 and the 11th largest globally, according to UK security software company Comparitech.
While the ransomware group Inc has claimed responsibility for the breach, this assertion has not been verified. In May 2025, Ahold Delhaize reported net sales of €23.28bn ($26.41bn) in the first quarter of fiscal 2025, marking a 5% increase at constant exchange rates.
The original article, “Ahold Delhaize USA 2024 cyberattack exposed 2 million people’s data”, was published by Retail Insight Network, a brand owned by GlobalData. Please note that the information provided in this article is for general informational purposes only and should not be considered as professional advice. It is recommended to seek professional guidance before making any decisions based on the content presented here.
