Over two million people have been impacted by a previous cybersecurity incident affecting Ahold Delhaize USA, the global food retailer that serves thousands of stores across the states.
Ahold Delhaize USA suffered a cyberattack in November 2024. Now, it has been revealed that over two million people were affected by the breach, which led to empty shelves across certain US stores.
The company confirmed in a breach notification that it had affected employment records related to individuals or their family members.
Ahold Delhaize USA supposedly obtains this personal information to provide “support services to Ahold Delhaize USA companies,” the company explained.
The information impacted includes:
- Names
- Contact information (postal and email addresses, and telephone numbers)
- Dates of birth
- Government-issued ID numbers (Social Security, passport, and driver’s license numbers)
- Financial account information (bank account numbers)
- Health information (workers' compensation information and medical information)
- Employment-related information
While the company claims to take safeguarding personal information “very seriously,” more than 2.2 million people, including over 95,000 Maine residents, are at risk.
This information is valuable to hackers and could be sold on the dark web for a pretty penny.
Once sold, other threat actors can use this sensitive data to conduct tailored phishing attacks to steal money or more personal information from their victims, commit identity theft, or commit fraud.
Medical information is especially valuable, as bad actors can exploit it by filing claims with Medicaid and other healthcare providers.
The threat actor infiltrating the company’s system gained access to files from one of Ahold Delhaize USA’s internal file repositories, the company confirmed.
The US division of Ahold Delhaize notified customers of a “cybersecurity incident” in June 2025, seven months after the initial incident. The hacker was in its system from November 5th to November 6th, the company said.
The retail and wholesale holding company is a big target for hackers as it serves 2,000 local brand stores and makes over $58 billion in annual sales.
As one of the world's largest food retail groups and leaders in the supermarket industry, Ahold Delhaize USA is the largest grocery retail group on the east coast and the fourth largest in the US.
The company’s five major US brands include Food Lion, Giant Food, The GIANT Company, Hannaford, and Stop & Shop, serving tens of millions of customers each week.
The cyberattack that led to bare shelves and hungry customers
Back in November 2024, social media and local media reported empty shelves and shop assistants without answers across the New England region.
Users flocked to social media to express concerns surrounding the bare shelves in some of their favourite stores, serviced by Adhold Delhaize USA.
“All over New England the food chain Stop and Shop and its pharmacies have been hacked since right before the election. Shelves are bare, and no one working in the stores can explain why. Shoppers personal information has been compromised. It’s really odd, “ posted X user Diane E
Some grocery managers have told customers that the cybersecurity issue had impacted truck shipments and the stores were not receiving scheduled deliveries.
Your email address will not be published. Required fields are markedmarked