In a significant cybersecurity incident, Ahold Delhaize, the multinational retail giant behind well-known supermarket chains such as Food Lion, Stop & Shop, Giant Food, and Hannaford, has confirmed that a major data breach has exposed the personal information of more than 2.2 million individuals across the United States.
The breach was the result of a ransomware attack that occurred between November 5 and November 6, 2024. Initially, the company released only limited details about the incident. However, as of June 2025, Ahold Delhaize has officially disclosed the full extent of the breach through regulatory filings and public notices, revealing just how wide-reaching the damage truly was.
According to BleepingComputer, a reputable cybersecurity news outlet, the compromised data spans a broad range of sensitive information. It includes individuals’ names, birthdates, addresses, Social Security numbers, passport details, bank account information, health records, and employment-related data. This combination of personal and financial information places affected individuals at a high risk of identity theft and fraud.
Cybersecurity researchers believe that the attackers managed to gain access to internal systems, steal large volumes of files, and later leak parts of the stolen data online. While Ahold Delhaize has not publicly named the group behind the attack, analysts have identified that a well-known ransomware gang posted samples of the stolen data to a dark web leak site in April 2025. This suggests a deliberate effort to pressure the company or showcase the breach.
The attack not only compromised private information but also disrupted daily operations at several of the company’s U.S. stores. Customers reported temporary problems with services such as pharmacy operations, online ordering, and inventory tracking. Some locations experienced empty shelves, delayed deliveries, and technical issues, although no stores were permanently closed due to the breach.
In response, Ahold Delhaize has stated it is working in close coordination with law enforcement agencies and cybersecurity experts to fully investigate the incident and reduce the risk of future breaches. As part of its legal obligations, the company is also notifying affected individuals. For instance, over 95,000 residents in Maine have already been informed via the state’s data breach reporting portal.
The company expressed deep regret over the breach and emphasized its ongoing commitment to safeguarding user data. It has promised to strengthen its cybersecurity infrastructure and implement enhanced protections across its networks and systems.
This incident serves as a harsh reminder that no industry is immune from cyberattacks. While government agencies and technology companies are often targets, ransomware groups are now increasingly focusing on retail and food service companies, which store vast amounts of consumer data and are deeply integrated with digital systems.
For those impacted by the breach, cybersecurity experts recommend remaining vigilant. Steps such as monitoring bank accounts, watching for signs of identity theft, and placing fraud alerts or credit freezes with credit bureaus can provide added protection. Ahold Delhaize is expected to offer free credit monitoring services to help affected individuals safeguard their personal information in the coming months.
While the total impact is still under review, the fact that over 2.2 million people have been affected makes this one of the most severe retail sector breaches in recent years. It highlights the growing sophistication of ransomware operations and the urgent need for robust data protection in industries that manage sensitive customer information every day.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
