Bun, the largest Albert Heijn franchisee, has fallen victim to a ransomware attack, exposing the sensitive information of approximately 3,500 employees.
According to RTL Nieuws, a Dutch news outlet that has reviewed and verified a sample of the exfiltrated data published on the dark web, hackers managed to steal private details of 3,462 current and former employees, dating back all the way to 2017.
This includes names, residential addresses, dates of birth, marital statuses, Social Security numbers (BSN), nationalities, signatures, and bank account numbers. Medical information about sick leave, copies of passports, and employee contracts were also stolen and published.
Passports and financial documents from Bun’s owners, such as their personal income tax returns, have also been published.
This type of information can be misused by scammers and fraudsters for criminal activities, such as phishing and identity fraud.
According to Hackmanac, a hacking group called ThreeAM has claimed responsibility for the data breach on October 13th. They claim to have published around 20 percent of the stolen data and threaten to publish more documents soon if Bun does not pay.
Bun was unavailable for comment.
This is the second time within a year that Albert Heijn employees have been affected by a data breach. In November 2024, Ahold Delhaize, Albert Heijn’s parent company, disclosed that a security incident had taken place at the US branch.
INC Ransom, the hacking group responsible for the ransomware attack, claimed to have stolen six terabytes of corporate and personal information of more than 2.2 million people, including names, contact information, dates of birth, ID numbers, financial account information, health information of workers, and employment-related information.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked