Data Spill In Aisle 5: Grocery Giant Ahold Delhaize Says 2.2m Affected Aftercyberattack
Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove.
Ahold Delhaize operates a network of stores in Europe and the US via brands including Food Lion, Stop & Shop and Giant. It also has a substantial web business. It employs more than 400,000 staff and serves around 63 million customers a week.
The digital break-in late last year caused disruption across its organization, with some Stop & Shop stores struggling to fill prescriptions due to IT issues, while Food Lion employees took to social media complaining about delayed and missing deliveries.
Now Ahold Delhaize has confirmed more details via a notification filed with the Office of the Maine Attorney General, revealing the data of more than 2.24 million individuals was exposed.
Different people will have had different data points compromised, it added, and said the following may be in the wrong hands:
- Names
- Contact information (postal address, email address, and telephone number)
- Dates of birth
- Government-issued identification numbers (Social Security, passport and driver’s license numbers)
- Financial account information (including bank account numbers)
- Health information (workers’ compensation information and medical information contained in employment records)
- Employment-related information
In a “Notice of Data Breach” letter sent to impacted individuals, Ahold Delhaize made no reference to customer data, saying only that investigations revealed “personal information contained in employment records related to you or your family member” may have been accessed.
This indicates the breach involved current and former staff.
“Upon detection last November, we began taking steps to assess and contain the issue, including working with external cybersecurity experts to investigate and secure the affected systems,” it said.
“We take this issue extremely seriously and will continue to take actions to further protect our systems.”
Ahold Delhaize has still not confirmed the nature of the attack, which is widely thought to have involved ransomware.
INC Ransom took responsibility for the attack at the time and leaked some documents that it claims were taken from the retailer’s systems.
This week’s admission of the attack’s scale follows an earlier update in April confirming that data was indeed compromised, but the details of how much and what was taken were not available at the time.
In lieu of an apology, the company offered affected staff in the US free credit monitoring and identity protection services for two years.
Ahold Delhaize is a Dutch-Belgian holding company for its various brands that manage around 9,400 stores across Europe, North America and Indonesia.
It was formed in 2016 after the merger of Ahold and Delhaize Group, both of which launched in the latter half of the 1800s, in Belgium and the Netherlands respectively.®
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
