Excerpt from SecurityWeek Article, Published on Jun 30, 2025.
Delhaize, the Dutch grocery conglomerate, has confirmed that a major ransomware attack targeting its internal systems has resulted in a significant data breach, compromising sensitive information of over 2.2 million people. The incident, which unfolded in November 2024, disrupted several US-based entities under the Delhaize umbrella, including Giant Food pharmacies, Hannaford supermarkets, Food Lion, The Giant Company, and Stop & Shop. The cyberattack, later claimed by the Inc Ransom group, was formally acknowledged by Delhaize in April 2025, with the company confirming that hackers had likely exfiltrated data from key business systems. After extensive investigation, Delhaize revealed that the breach primarily affected internal employment records, impacting both current and former employees across Delhaize USA operations.
According to a disclosure submitted to the Maine Attorney General’s Office, a staggering 2,242,521 individuals have been impacted. The stolen information differs across individuals but may include names, contact details, dates of birth, Social Security numbers, passport numbers, driver’s license data, bank account information, health records, and various employment-related details. Delhaize has initiated notification procedures for all affected parties and is offering two years of complimentary credit monitoring and identity protection services. This move underscores Delhaize’s attempt to mitigate the potential fallout and restore trust following this severe cybersecurity lapse.
The ransomware group, Inc Ransom, has published nearly 800 GB of the stolen data on its Tor-based leak site, strongly suggesting that Delhaize has not succumbed to ransom demands. The attackers claim to have siphoned off as much as 6 TB of sensitive data, posing ongoing risks to data privacy and corporate security for Delhaize.
As Delhaize navigates the aftermath of this breach, it faces mounting pressure to enhance its cybersecurity measures and ensure better protection of employee and customer data in the future.
To delve deeper into this topic, please read the full article SecurityWeek.
