Ahold Delhaize Ransomware Attack – 2.2 Million Individuals Impacted

In late June 2025, multinational food retailer Ahold Delhaize disclosed a massive ransomware breach tied to an attack that occurred in November 2024. The cyberattack, linked to the INC Ransom group, targeted internal U.S. business systems and led to the exposure of sensitive data belonging to 2.2 million individuals.
What Data Was Compromised
The stolen data included:
- Medical and health records
- Full names and contact details
- Dates of birth
- Social Security, passport, and driver’s license numbers
- Bank account information
Victims include both current and former employees across Ahold’s U.S. grocery brands such as Stop & Shop, Food Lion, Giant Food, and Hannaford.
The Company’s Response
Ahold Delhaize is offering two years of free identity protection and credit monitoring to those impacted. They’ve also worked with law enforcement and forensic experts to contain the incident and harden their infrastructure.
Key Concerns for Businesses
This breach reflects an alarming trend: ransomware actors are now prioritizing internal systems and employee records, not just customer data or financial assets. The inclusion of health and ID documentation in the exfiltrated data poses long-term risks like identity theft, insurance fraud, and employment scams.
Lessons from the Attack
- Ransomware readiness must go beyond backups and antivirus; it must include threat hunting, segmentation, and proactive detection.
- Third-party vendors and internal tools must undergo constant risk assessment.
- Communication plans and fast employee notification can help contain damage and legal exposure.
Pro Tip: Reinforce internal threat detection and automate your incident response using TAC Security’s ESOF Risk Platform to prevent such deep-system breaches.