Albert Heijn parent company hit by major ransomware attack, hackers steal data

Ahold Delhaize, the parent company of Albert Heijn, has confirmed a major ransomware attack, with the hacking group INC Ransom claiming responsibility. The group, reportedly linked to Russia, stole 6 terabytes of data and has threatened to release it, although their demands are unclear, according to BNR.

The company stated that the attack is related to a breach first detected in November 2023, which had been reported as an "American incident" at the time. Despite taking steps to secure its systems at the time, Ahold Delhaize confirmed that the hackers were still able to access and steal data. The company did not comment on whether INC Ransom had made contact with them recently.

The nature of the data stolen remains uncertain, but some documents, including confidential material, have already been leaked. These documents contain old data such as non-disclosure agreements from individuals who visited Ahold Delhaize locations, as well as identification documents of people associated with the company. The hacking group, which operates on the dark web, has made these documents available, further fueling the threat.

Peter Lahousse, an ethical hacker who reported the breach to BNR, noted that the stolen data appears to be dated. “They are starting by leaking old data,” Lahousse said. “The longer this continues, the more will be released.” Though the documents initially seem to be American, INC Ransom claims to have also obtained documents related to the Netherlands.

The American division of Ahold Delhaize had previously reported disruptions to pharmacies and online retail channels in the United States as a result of the hack. These issues stemmed from the breach, which had affected operations on multiple fronts.

The hacking group INC Ransom, active since the summer of 2023, has been linked to a series of cyberattacks targeting various organizations. In 2023, the group notably attacked a children's hospital in Liverpool. Healthcare organizations are a common target for the group. Although the exact origins of INC Ransom remain unclear, many cybersecurity experts believe the group operates out of Russia.