Ahold Delhaize Breach Exposes Over 2.2 Million in Massive Employment Data Leak

The grocery giant behind Food Lion, Stop & Shop, and Giant Food has joined the growing list of U.S. corporations battling the fallout from a major data breach. Ahold Delhaize USA Services, the U.S. division of Dutch multinational Ahold Delhaize, disclosed that over 2.2 million individuals had their personal information compromised during a November 2024 cyberattack that has since been claimed by the INC ransomware gang.

In regulatory filings made public this week, Ahold Delhaize revealed that hackers infiltrated internal systems on November 5, 2024—gaining access to a trove of sensitive employment records. The breach was detected the very next day, but the scope and impact only became fully clear after months of forensic investigation.

A Trojan Horse in the Back Office

Unlike many headline-grabbing ransomware incidents that disrupt consumer-facing operations, this attack struck deep into the HR and administrative core of Ahold Delhaize’s U.S. operations. The stolen data includes Social Security numbers, passport details, bank account numbers, medical information, and employment records—making it one of the most sensitive and potentially damaging breaches in the retail sector this year.

A spokesperson confirmed that the affected data was collected "in the course of providing services for certain current and former Ahold Delhaize USA companies," suggesting that contractors and former employees were also swept up in the breach.

The Ransomware Claim and the Industry Backlash

In April 2025, the INC ransomware group claimed responsibility for the breach and boasted of stealing six terabytes of internal data. The group’s post on dark web forums included file samples to verify their claim, though Ahold Delhaize has not commented on whether it paid a ransom.

The timing is particularly fraught. U.S. food supply chains are already reeling after United Natural Foods—a key distributor for organic and specialty retailers—suffered a cyberattack that disrupted deliveries and spiked operational costs for major grocers like Whole Foods.

Security Experts: “Cyber Is No Longer Just Digital”

For experts in the cybersecurity space, the Ahold Delhaize breach is another stark example of the increasing physical-world impacts of digital vulnerabilities.

“The scariest thing in my mind is that we have now arrived at a very common kinetic effect, e.g. real-world physical issues, because of cyber threats,” said Lawrence Pingree, VP at network security firm Dispersive. “These types of data systems need strong multi-factor authentication, stealth networks to hide and make private the data during transmission and segmentation of users to limit potential lateral movement.”

In response to the breach, Ahold Delhaize has begun issuing written notices to affected individuals, including nearly 100,000 residents of Maine alone. The company is offering two years of free identity protection services through Experian, including credit monitoring and fraud resolution support.

Looking Ahead

With threat actors evolving and expanding their attack surfaces, traditional perimeter defenses are proving insufficient in shielding corporate data sprawl. Ahold Delhaize’s incident underscores the growing need for zero-trust architectures and deeper segmentation—not just to protect consumers, but to defend the very operational backbone of large enterprises.

Meanwhile, food retailers, already pressured by thin margins and logistical bottlenecks, are learning the hard way that cybersecurity isn't just about IT—it's about continuity, trust, and the ability to keep shelves stocked and workers paid.