Over 2 million affected by US grocery store breach


Belgian-Dutch grocery store operator Ahold Delhaize has revealed that the personal data of over two million people was compromised in a November 2024 ransomware attack on the systems of its US operations.

In a filing made this week to the office of the attorney general for the US state of Maine, the organisation said that 2,242,521 people in total had been affected.

In a letter to impacted individuals signed by Ahold Delhaize’s US legal affairs vice president, Dyana Tull, the organisation said that the stolen data included names, contact details, dates of birth, Social Security, passport and driving licence details, financial account information, and employee data related to compensation and occupational health.

“Upon detection last November, we began taking steps to assess and contain the issue, including working with external cyber security experts to investigate and secure the affected systems,” wrote Tull.

“We take this issue extremely seriously and will continue to take actions to further protect our systems…. We regret any inconvenience this issue may cause for you.”

As has become customary following such breaches, Ahold Delhaize is offering those affected a year’s worth of free identity protection and credit monitoring via Experian, which can be taken up until the end of September.

Following the incident last year, the INC Ransom crew claimed to have stolen six terabytes of data from Ahold Delhaize, which, as well as the Food Lion and Giant grocery store chains in the US, operates the eponymous Albert Heijn and Delhaize chains in the Benelux region, as well as stores in Indonesia, Romania and Serbia.

In April 2025, it also emerged that data on Dutch employees who had been on the company payroll in April 2021 had also been compromised.

The cyber attack also caused disruption for customers at some of Ahold Delhaize’s US operations, notably its Food Lion and Hannaford chains, when the company was forced to shut down key online commerce systems.

“Affected customers should be vigilant for signs of identity theft and phishing attempts. The stolen information can be used for social engineering attacks, as attackers can pose as legitimate representatives of financial institutions, healthcare providers, or government agencies,” said Boris Cipot, senior security engineer at Black Duck, an application security specialist.

“To mitigate potential harm, customers should notify relevant institutions about the breach, such as their bank, healthcare provider, employer, or government agencies. These institutions can provide guidance on next steps to protect against further exposure, monitor credit status, and prevent identity theft,” he said.

Who are INC Ransom?

INC Ransom, the cyber criminal gang that claims this particular attack, has been active for about two years.

It targets organisations primarily in Europe and the US, and has had a particular focus on the education, healthcare and industrial sectors.

In the UK specifically, it appears to have been behind attacks on Alder Hey Children’s NHS Foundation Trust and Liverpool Heart and Chest Hospital NHS Foundation Trust, and NHS Dumfries and Galloway.

According to analysts at SentinelOne, the gang works to a fairly typical playbook where it tries to present itself not as a criminal operation but as a service provider offering victims the chance to both ‘save their reputation’ and make their IT systems ‘more secure’.

It uses a variety of initial access methods such as targeted spear phishing emails, and has also been known to exploit vulnerabilities in Citrix products.

Its locker malware uses AES-256 encryption in cipher block chaining (CBC) mode and will terminate open processes in order to encrypt open files, as well as targeting backups for deletion.