Ahold Delhaize USA Data Breach Lawsuit

Grocery retail giant Ahold Delhaize USA has confirmed a significant data breach that exposed sensitive personal information of over 2.2 million individuals, including nearly 100,000 residents in the state of Maine. The breach, which impacted internal U.S. business systems, involved unauthorized access by an external party and occurred between November 5 and 6, 2024.

Ahold Delhaize Data Breach Details

The breach was discovered on November 6, 2024, just one day after malicious actors infiltrated internal file repositories used by Ahold Delhaize USA Services, LLC. The compromised data reportedly includes sensitive employment-related information collected as part of support operations for several Ahold Delhaize USA companies, including Food Lion, Giant Food, The GIANT Company, Hannaford, Stop & Shop, ADUSA Distribution, and ADUSA Transportation.

According to disclosures filed with state authorities, a total of 2,242,521 individuals were affected, including 95,463 Maine residents. Given the scale of the breach in Maine, the company has notified the nationwide consumer reporting agencies in accordance with state law.

In response, Ahold Delhaize is offering two years of free credit monitoring and identity protection services to affected individuals.

Cybercriminal Group Linked to Breach

Although Ahold Delhaize has yet to publicly name the cybercrime group behind the attack, the INC Ransom ransomware group allegedly added Ahold Delhaize to its dark web extortion portal in April 2025, following the breach. INC Ransom is a ransomware-as-a-service (RaaS) operation that emerged in July 2023. Since then, the group has targeted a wide range of organizations in both the public and private sectors, with a list of more than 250 victims over the last two years.

The group reportedly leaked samples of documents taken from Ahold Delhaize’s compromised systems, further confirming the scale and severity of the data theft.

Affected Information

The stolen files may have included a wide array of personally identifiable information (PII), such as:

• Full names and contact details (postal and email addresses, phone numbers)

• Dates of birth

• Government-issued identification numbers (e.g., Social Security, passport, driver’s license)

• Financial account information (e.g., bank account numbers)

• Health-related data (e.g., workers’ compensation or other medical details)

• Employment records

The exact types of compromised data vary by individual.

Impact on Customers

The personal and sensitive information compromised in this breach includes elements that could lead to serious privacy issues for the affected individuals. Those impacted are at an increased risk of identity theft, where their information could be used without their knowledge to commit fraud or other illegal activities.

What You Can Do After the Data Breach Impacting Ahold Delhaize

If your personal information has been breached, it’s important to take immediate and proactive steps to minimize the potential impact and protect yourself from identity theft or fraud. Here are some general actions that you should consider taking:

• Monitor Credit Reports: Check your credit reports regularly for suspicious activity.

• Place a Fraud Alert or Credit Freeze: Set up a fraud alert or freeze your credit to prevent unauthorized access.

• Monitor Financial Accounts: Review bank and credit card statements for unfamiliar transactions.

• Watch for Phishing Scams: Be cautious of unsolicited requests for personal information.

• Change Passwords: Update passwords for online accounts and use strong, unique ones.

• Enable Two-Factor Authentication: Add an extra layer of security to online accounts.

• Review Health and Insurance Info: Check for fraudulent charges if health data was exposed.

File a Lawsuit Against Ahold Delhaize