Over 2.2 Million Affected by Ahold Delhaize Data Breach Featured
Cyberattack compromised employee personal identities across major U.S. grocery brands.
A massive data breach at Ahold Delhaize USA Services, LLC has exposed sensitive personal and health-related information of more than 2.2 million individuals across the United States. If you or a family member ever worked for brands such as Food Lion, Giant Food, Hannaford, Stop & Shop, or related Ahold Delhaize companies, your data may have been compromised—and you may have a legal right to join a class action lawsuit.
What Happened?
On November 6, 2024, Ahold Delhaize USA Services detected unauthorized access to internal U.S. business systems. According to the company, an investigation revealed that an unknown actor accessed sensitive internal files between November 5 and 6, containing employment-related data for current and former employees and their family members.
While Ahold Delhaize has not explicitly confirmed that the breach involved ransomware, independent reports strongly suggest it was a ransomware attack involving data theft and extortion. This type of attack, known as double extortion ransomware, involves both encrypting internal systems and stealing data to demand payment—often under threat of releasing it on the dark web.
The breach was reported to the Maine Attorney General’s office as affecting 2,242,521 individuals, and notification letters began going out on June 26, 2025—nearly eight months after the breach occurred.
What Information Was Exposed?
The data breach compromised a broad range of personally identifiable information (PII) and protected health information (PHI). Depending on the individual, exposed data may include:
- Full name, address, email, and phone number
- Date of birth and Social Security number
- Driver’s license or passport numbers
- Bank account details and financial information
- Employment-related data
- Medical and health records, including workers’ compensation information
The severity and sensitivity of the data raise significant concerns over identity theft, fraud, and long-term privacy risks.
Widespread Impact
According to reports filed with various state Attorneys General, the breach has impacted tens of thousands in multiple states, including over 95,000 in Maine, 77,000 in Massachusetts, and more than 120,000 in South Carolina. This incident is among the largest breaches of employment data in 2025 to date and has put Ahold Delhaize’s data handling practices under scrutiny.
What is Ahold Delhaize Doing To Protect My Identity?
Ahold Delhaize has taken several steps in the wake of the attack:
- Partnered with cybersecurity experts to secure its systems
- Informed affected individuals and regulators
- Offered two years of complimentary credit monitoring and identity theft protection services
- Issued a public notice and FAQs via its website to assist individuals in taking proactive steps to protect themselves
Despite these efforts, critics note that it took nearly eight months from discovery of the breach to begin notifying affected individuals—a delay that may have exposed many to prolonged risk.
Your Legal Rights: Join a Class Action Lawsuit
If you received a breach notification—or believe your information was included—you must act immediately to protect yourself. You may be also be eligible to join a class action lawsuit seeking compensation and accountability from Ahold Delhaize. Legal action may provide:
- Compensation for time spent dealing with the breach
- Reimbursement of out-of-pocket expenses
- Damages for emotional distress or invasion of privacy
- A court-ordered mandate to improve Ahold Delhaize’s data security practices
To participate in the class action and secure your rights, please fill out the form below and a data breach attorney will contact. There is no obligation on your part nor is there a charge.