Ahold Delhaize Data Breach Affects PII and PHI of over 2.2 Million

Ahold Delhaize USA Services, LLC, a support services provider for several major grocery brands, experienced a massive data breach affecting 2,242,521 individuals, including both current and former employees of several companies.

Ahold Delhaize USA Services discovered the cybersecurity incident on November 6, 2024 and an investigation determined an unauthorized third party obtained certain files from an internal U.S. file repository between November 5 and 6, 2024.

The data breach exposed both personally identifiable information (PII) and protected health information (PHI). Compromised information includes names, contact information, dates of birth, Social Security numbers, driver's license numbers, financial account information, health and medical information.

The breach includes current and former employees and other individuals associated with several current and former Ahold Delhaize USA companies.

• BI-LO, Inc.
• Bottom Dollar Food Northeast, LLC
• Bradlees, Inc.
• Bruno’s Supermarkets, Inc.
• Delhaize America Supply Chain Services
• Delhaize America, LLC
• Food Lion, LLC d/b/a Food Lion and Bloom
• Fresh Direct, LLC
• Fresh Formats, LLC
• Hannaford Bros. Co., LLC
• The Giant Company, LLC
• Giant of Maryland, LLC
• Guiding Stars License Company, LLC
• J.H. Harvey Co., LLC
• Kash n’ Karry Food Stores, LLC d/b/a Sweetbay Supermarkets
• Mayfair Super Markets, Inc.
• Peapod, LLC
• Peapod Digital Labs, LLC
• Purity Supreme, Inc.
• The Stop & Shop Supermarket Company, LLC
• Tops Markets, LLC d/b/a Tops, Finast, Edwards and Metro
• Ahold Delhaize USA Distribution, LLC
• Ahold Delhaize USA Supply Chain Services, LLC
• Ahold Delhaize USA Transportation, LLC
• Ahold Delhaize USA, Inc.
• Ahold e-Commerce Sales Company, LLC
• Ahold Financial Services, LLC
• Ahold Information Services, Inc.
• Ahold Real Estate Company, LLC
• American Sales Company, LLC
• Certain independently operated stores

The data breach was disclosed to the California, Maine, Massachusetts and Montana Attorney Generals' offices on June 26, 2025. Affected individuals include 95,463 in Maine, 2,178 in Montana and 77,112 in Massachusetts.

Ahold Delhaize USA Services' response

In addition to the required state disclosures, Ahold Delhaize USA Services published a Cybersecurity Issue Update on its website. Affected individuals were notified by mail on June 26, 2025.

If you receive notification from Ahold Delhaize USA Services or your employer about this breach, you may want to:

• Carefully review any notice or communication you receive and sign up for the two years of free credit monitoring and identity protection services offered.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more information about the company and its grocery brands, visit the Ahold Delhaize USA Services website.