Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack.

“Based on our investigation to date, certain files were taken from some of our internal U.S. business systems,” a spokesperson confirmed to BleepingComputer.

“Since the incident was detected, our teams have been working diligently to determine what information may have been affected.”

Ahold Delhaize is a multinational retail and wholesale company that operates nearly 8,000 stores across Europe and the United States, employing over 410,000 people.

The company has reported yearly revenues of approximately $100 billion, and in the American market, it operates under brands such as Food Lion, Stop & Shop, Giant Food, and Hannaford.

On November 8, 2024, Ahold Delhaize issued a public statement disclosing a cybersecurity incident that forced it to take IT systems offline for protection.

“This issue and subsequent mitigating actions have affected certain Ahold Delhaize USA brands and services including a number of pharmacies and certain e-commerce operations,” stated Ahold Delhaize at the time.

Yesterday, the ransomware group INC Ransom added Ahold Delhaize to its data leak extortion site on the dark web, which included samples of documents they allegedly stole from the company.

Responding to our request for a comment on this development, a spokesperson for the firm confirmed that there had been a data breach but didn’t comment on whether ransomware was involved in the attack.

Ahold Delhaize noted that the investigation into the incident remains ongoing, and if customer data is confirmed to have been impacted, those persons will be notified accordingly.

“If we determine that personal data was impacted, we will notify affected individuals as appropriate. In addition, we have notified and updated law enforcement,” stated Ahold Delhaize.

Meanwhile, the spokesperson confirmed that all their stores and e-commerce services remain open and operational, so customers shouldn’t face problems.

INC Ransom has focused its attacks on U.S.-based organizations lately, with a member tracked by Microsoft as ‘Vanilla Tempest’ targeting U.S. healthcare providers.

Most recently, INC Ransom took responsibility for an attack at the State Bar of Texas that warned its 100,000 members that hackers had stolen their sensitive data.