Ahold Delhaize Data Theft Confirmed

Summary

Ahold Delhaize confirmed a November 2024 cyberattack resulted in data theft. The INC Ransom ransomware group claimed responsibility, threatening to release 6TB of stolen data. Investigations continue, and affected individuals will receive notifications as appropriate.

Explore the data solution with built-in protection against ransomware TrueNAS.

** Main Story**

So, I’ve been following this Ahold Delhaize situation – you know, the multinational food retail giant? It’s kind of a big deal. Apparently, they confirmed on April 17, 2025, that they suffered a cyberattack back in November 2024. The worst part? Data was stolen from their U.S. systems. It’s messy, to say the least.

This all came about after INC Ransom, a ransomware group with a pretty nasty reputation, claimed responsibility. They even listed Ahold Delhaize on their data leak site. Can you imagine the stress? Ahold Delhaize acknowledged the breach, which, honestly, is a start. However, they’ve been tight-lipped about the ransomware aspect, not commenting on INC Ransom or any specific threat actors. Smart move, maybe? Who knows. They’ve launched an investigation, bringing in external cybersecurity experts and law enforcement, to figure out just how deep this rabbit hole goes.

The Timeline and Initial Damage

Back on November 8, 2024, Ahold Delhaize went public with a “cybersecurity incident.” They took affected systems offline, which, I suppose, is the standard protocol. It mainly hit some of their U.S. pharmacies and e-commerce operations – those under the Ahold Delhaize USA umbrella. They scrambled to contain the damage, trying to get things back online, but still keep their brands like Food Lion, Stop & Shop, Giant Food, and Hannaford, running smoothly. A difficult balance, for sure.

INC Ransom’s Bold Claim

Then INC Ransom stepped up, adding Ahold Delhaize to their data leak site. These guys are known for their double-extortion tactics, which are basically as awful as they sound. They’re claiming they have up to 6TB of sensitive data from Ahold Delhaize’s U.S. operations! It’s a huge amount of data. And they’re threatening to leak it all unless their (undisclosed) demands are met. As “proof,” they posted sample documents, including internal stuff and copies of IDs. Not good, not good at all.

What’s Ahold Delhaize Doing Now?

Okay, so Ahold Delhaize confirmed “certain files” were indeed swiped during the November incident. They’re really emphasizing their commitment to getting to the bottom of this and understanding the full scope of the data that’s been compromised. Makes sense. That said, they are working with cybersecurity experts and have looped in law enforcement. Apparently, if personal data turns out to be involved, they’re ready to notify everyone who needs to be notified, as required by law. They’ve dotting their ‘i’s and crossing their ‘t’s.

To give you some context, Ahold Delhaize is massive, with around 8,000 stores in Europe and the U.S. and over 410,000 employees. Their annual revenue? About $100 billion. Those U.S. brands I mentioned – Food Lion, Stop & Shop, Giant Food, and Hannaford – they’re all under the Ahold Delhaize umbrella.

Now, INC Ransom, well, they’ve been busy. They’ve been mostly hitting U.S. organizations lately. Researchers are pointing fingers at someone called “Vanilla Tempest” as a key player in some of their high-profile attacks, especially those targeting U.S. healthcare providers. They recently claimed a data breach at the State Bar of Texas. Over 100,000 members’ data were compromised, reportedly.

What About the Customers?

Good news? Ahold Delhaize says everything’s still open and running, both in-store and online. And customers, they say, shouldn’t notice any problems when they shop. But, the investigation, it continues. More details will come out. You just know it will. I’m curious to see how this unfolds and what lessons we can all learn from it, aren’t you?