Hackers Stole Our Data. Why Didn't Hannaford Warn Us Immediately?
In November 2024, while customers shopped for groceries ahead of the holidays, Hannaford’s parent company, Ahold Delhaize USA, was quietly hit by one of the largest corporate data breaches of the year. What began as a “cybersecurity issue” disrupting debit payments and online orders turned out to be a catastrophic failure of corporate responsibility that left more than 2.24 million people exposed — including over 95,000 Mainers.
According to reports, hackers gained unauthorized access to Ahold Delhaize USA’s internal file repositories between November 5 and 6, 2024, stealing names, Social Security numbers, driver’s license information, and even health and bank account details. The company confirmed in April 2025 that sensitive employment and family data had been taken. By June, the breach ranked among the largest ransomware attacks on a U.S. company in 2024, according to cybersecurity firm Comparitech.
For days, some stores couldn’t process debit or gift card transactions; websites were offline; deliveries were delayed. Meanwhile, Ahold Delhaize insisted that stores continued to serve customers. “The security of our customers, associates and partners is a top priority," it said — a familiar refrain from a corporation more focused on appearances than accountability.
A Corporate Pattern: Delay and Distract
When the breach first became public, Ahold Delhaize USA downplayed its severity. The company released a carefully worded statement acknowledging a “cybersecurity issue” and promising to “assess and mitigate” the problem. But months later, the truth came out. Millions of employees, dependents, and customers had their most personal information compromised and were only offered two years of credit monitoring as compensation.
According to Woods Lonergan LLC., a law firm specializing in class action data breach lawsuits and data privacy litigation, it took “approximately seven months since the breach was discovered for Ahold Delhaize to begin notifying the over 2.2 million affected individuals.” “This prolonged period,” the firm explains, left “former and current employees vulnerable to potential misuse of their data without timely awareness.”
This response mirrors Ahold Delhaize’s broader pattern of negligent behavior. Whether it’s ignoring customers’ complaints about product quality or breaking promises on animal welfare, the company consistently waits for public outrage to subside before quietly moving on. Hannaford and Ahold Delhaize’s other stores market themselves as community-minded and sustainable, but when crises strike, transparency and responsibility vanish behind corporate PR spin.
In Maine alone, tens of thousands of families are now living with the fear that their private data could be sold or used for identity theft. For Hannaford employees — from cashiers to pharmacy staff — the betrayal cuts even deeper.
Even as news of the breach broke, Ahold Delhaize reported higher than expected profits — €23.28 billion ($26.41 billion) in the last quarter of 2024.
An Eroding Brand in New England
Data breaches aren’t inevitable acts of nature; they are symptoms of neglect. In the digital age, protecting consumer data is as basic a responsibility as keeping food safe to eat. But Ahold Delhaize’s failure to invest adequately in cybersecurity mirrors its failure to invest in the well-being of customers, workers, and animals.
It’s no wonder the breach has cost Hannaford some brand loyalty. In a recent survey conducted by the New England Consumer Alliance, 86% of Hannaford customers report concerns about using their credit cards after learning that the previous data breach compromised sensitive information.
