Ahold Delhaize, the €87 billion ($99 billion) retail titan behind your local Stop & Shop and Albert Heijn, has been hit by a data breach. At least that’s what a ransomware gang is claiming on its dark web blog.
The INC Ransom gang says it has breached the Dutch multinational grocery empire, which has nearly 8,000 stores worldwide.
The retail giant is one of the largest global grocery retailers. It owns major chains like Albert Heijn in the Netherlands, Delhaize in Belgium, and Food Lion, Giant Food, and Stop & Shop in the US, serving millions every week.
The leak notice went up on April 17th. This is a grim ritual among ransomware crews to publicly name-and-shame victims into paying up. Reportedly, the gang started releasing old data, which mainly affects American customers. However, it also reports that it has Dutch documents.
The company previously confirmed the breach to local media BNR, claiming that the leaked data concerns an old breach from November. According to Ahold Delhaize, it was an “American” incident, and the investigation is ongoing.
Last November, the US division of the food and grocery giant stated that the cyberattack had impacted several pharmacies and online sales platforms across the country.At the time, an industry publication reported that several Stop & Shop chain locations from Quincy, Massachusetts, were "grappling with empty boxes and cleared-out shelves," as well as "widespread out-of-stocks" in the fresh food departments.
Some grocery managers have told customers that the cybersecurity issue had impacted truck shipments and the stores were not receiving scheduled deliveries.
The company's spokesperson told Cybernews that the investigation remains ongoing and is connected to the incident in 2024. At the time, certain files were taken from some of the internal US business systems.
"As reported in November last year, Ahold Delhaize USA detected a cybersecurity issue within its US network, the business impact of which was mitigated by our cyber-defense capabilities and response protocols," the spokesperson said in an emailed statement.
Who is INC Ransom?
INC Ransom, likely linked to Russia, is one of the newer names on the cybercrime circuit, but it’s moving fast. Since its emergence in July 2023, the gang has claimed 234 victims, according to Cybernews' dark web monitoring tool RansomLooker.
It runs a multi-extortion operation, which means it doesn’t just encrypt your files – it steals your data and threatens to leak it if you don’t pay up. The demands also come with a twisted pitch – pay us, and we’ll make your systems more secure.
And when it comes to targets, INC Ransom doesn’t discriminate. Hospitals, schools, governments, tech companies – no one is off-limits.
Updated on April 18th with the company's response.
Your email address will not be published. Required fields are markedmarked