Ahold Delhaize USA Confirms Data Theft After Cyberattack Linked to INC Ransom Gang
Ahold Delhaize USA, the parent company of major supermarket brands like Stop & Shop, Food Lion, Hannaford, and Giant Food, has confirmed that data was stolen during a cyberattack that occurred in fall 2024. The company announced in a recent update that hackers were able to access and steal certain files from its internal U.S. business systems.
“Based on our investigation so far, we believe some files were taken as part of the earlier cybersecurity incident,” the company said in a statement.
Back in November 2024, the company experienced technical issues that disrupted online grocery services and temporarily brought down websites for some of its grocery chains. While services were restored quickly, the full extent of the breach is now becoming clear.
Investigation Still Ongoing
Ahold Delhaize has not yet revealed what type of data was taken but said it is actively working to identify what information may have been affected. The company also assured that individuals whose data was compromised will be notified, as required by law. Authorities have been informed and are currently involved in the investigation.
“We are committed to protecting the information of our customers, employees, and partners,” the company emphasized.
INC Ransom Gang Claims Responsibility
A cybercriminal group known as INC Ransom has claimed responsibility for the attack. According to their statement earlier this week, they allegedly stole six terabytes of data from Ahold Delhaize USA.
The Cyber Express has reached out to the company for confirmation, but Ahold Delhaize has not yet responded.
Who Is INC Ransom?
INC Ransom, also known as GOLD IONIC, is a ransomware and extortion group active since at least mid-2023. They have targeted a wide range of industries—including healthcare, education, government, and now retail—across countries like the U.S., U.K., Australia, France, Germany, and others.
The group is known for using advanced tools such as:
- AdFind – gathers information from corporate networks
- PsExec – runs commands on remote computers
- Rclone – moves data to cloud storage platforms
Previous Attacks
This is not the first time INC Ransom has made headlines. In June 2024, they claimed responsibility for a cyberattack on ControlNET LLC, a U.S. company that provides technology for buildings. In that case, they leaked floor plans, invoices, emails, and more to prove the breach. They also claimed to have attacked Rockford Public Schools, raising concerns about potential supply chain vulnerabilities.
Why It Matters
Cyberattacks like this can have serious consequences. For companies like Ahold Delhaize USA, even short disruptions can hurt business operations and finances. More importantly, if personal or financial data is stolen, it can be used for scams, identity theft, and other crimes.
The claim that six terabytes of data were stolen is especially concerning. While Ahold Delhaize hasn’t confirmed the amount or specific content of the stolen files, such a large amount of data could include employee records, contracts, emails, and more.
What Shoppers Should Do
If you shop at any of Ahold Delhaize’s stores (Stop & Shop, Food Lion, Hannaford, or Giant Food), it’s important to stay alert. Here are some precautions to take:
- Watch your email and bank accounts for any suspicious activity
- Be cautious of fake messages pretending to be from the company
- Change passwords for any grocery-related accounts, especially if you reuse passwords
As threats from cybercriminals grow more sophisticated, companies need to boost their cybersecurity efforts across the board—from internal systems to external partners.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
