Ahold Delhaize has admitted that hackers may have captured personal data from employees of its Dutch chains Albert Heijn, Etos and Gall & Gall. However, it maintains that no customer data were stolen in the ransomware attack.
Many employees affected
In an update on the ransomware attack in which millions of documents were stolen from the group’s US-based servers in November last year, Ahold Delhaize has now admitted that it is possible that some Dutch employee data was also in the affected files.
“At this time, we believe that many associates who were working for Ahold Delhaize Group, Ahold Delhaize Europe & Indonesia (EBS), Albert Heijn, Etos, Gall & Gall and the Ahold Delhaize Coffee Company in the Netherlands and who were on the payroll in April 2021 may have been affected by this issue. At this time we have no evidence that bol associates, or employees of franchisees of Albert Heijn, Etos or Gall & Gall have been affected. Furthermore, at this time we do not have evidence that customer data from Albert Heijn, Etos, Gall & Gall and bol were impacted.”
Biggest data breach in a long time
INC Ransom, a hacker group allegedly linked to Russia, claims that it stole more than six terabytes of data, making Ahold Delhaize the victim of the biggest data breach in a long time. The hackers are threatening to make all the data public if the retailer does not pay a substantial ransom. According to an internal email that Dutch newspaper AD was able to access, the data would include names, bank account numbers and the amount of the salary payment from early April 2021.
Ahold Delhaize has informed the Dutch Personal Data Authority and took steps to inform affected individuals: “We sincerely apologise for this. We have opened a help desk so people can contact us about the issue. In our notification, we provided people with information they can use to help protect their information.”
