The Delhaize Data Breach – Explained Simply

In late 2024, millions of Americans were caught in the crosshairs of a major cyberattack targeting one of the country’s biggest grocery groups. The breach, affecting Ahold Delhaize USA — the parent company behind Stop & Shop, Food Lion, Hannaford, Giant Food, and others — exposed sensitive personal information of over 2.2 million current and former employees.

For many, this wasn’t just another headline about some far-off cyberattack. It was personal. And the ripple effects are still unfolding in 2025.

How Did This Happen?

The breach occurred between November 5 and 6, 2024. During that brief window, cybercriminals belonging to the ransomware group “INC Ransom” managed to infiltrate Ahold Delhaize USA Services, the internal support division that handles HR, payroll, IT, and pharmacy services for all their grocery brands in the U.S.

Once inside, the attackers quietly exfiltrated files containing sensitive data. Although customer credit card systems were reportedly untouched, the stolen information included names, addresses, Social Security numbers, bank details, and even medical records for some individuals.

In April 2025, the INC Ransom group publicly claimed responsibility, releasing samples of the stolen data to back up their claims.

Why This Matters: The Real Risks

This breach goes beyond identity theft — though that’s bad enough on its own. With the type of information stolen, victims could face a variety of risks:

  • Identity fraud: Opening credit cards or loans using your personal details.
  • Financial theft: Unauthorized withdrawals or transactions using exposed bank info.
  • Medical fraud: Filing false insurance claims using stolen health data.
  • Phishing attacks: Highly targeted scam emails or messages using your private info.

And because the breach included data on dependents and former employees — not just current staff — its reach is alarmingly wide.

What You Can Do If You Might Be Affected

If you’ve ever worked for or with one of Ahold Delhaize’s brands, or if your family has, it’s worth checking your mailbox. Affected individuals are being notified by letter and offered two years of free credit monitoring and identity protection services.

But don’t stop there. Here are a few important steps anyone can take to stay protected:

  1. Enroll in the free monitoring services. Early alerts can help you act fast.
  2. Consider a fraud alert or credit freeze. Stop new accounts from being opened in your name.
  3. Stay vigilant. Monitor bank statements, health records, and incoming messages.
  4. Use strong, unique passwords. And enable two-factor authentication wherever possible.

So, What Does This Breach Teach Us?

Cyberattacks are no longer just a problem for big banks and tech firms. Even grocery store chains — especially ones with complex internal systems and thousands of employees — are becoming prime targets.

The Delhaize breach is a stark reminder that the systems we rely on every day, even for basic things like food and pharmacy access, are tied to sensitive digital infrastructures. And when those systems are compromised, the consequences are deeply personal.

Companies need to invest more in protecting not just customer data, but employee and operational data as well. And for the rest of us, it’s important to stay aware, even when the headlines fade.