Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Retail. Show all posts
Retail
Customer Information Data Breach food service Ransomware Retail

Ahold Delhaize Reports Major Data Breach Affecting Over 2 Million Employees in the U.S.

 


One of the world’s largest grocery retail groups has confirmed a major cyber incident that compromised sensitive information belonging to more than 2.2 million individuals across its U.S. operations.

The company, known for running supermarket chains like Food Lion, Giant Food, and Stop & Shop, revealed that a ransomware attack last November led to unauthorized access to internal systems. This breach primarily exposed employment-related data of current and former workers, according to a recent report filed with the Maine Attorney General’s office.


What Information Was Exposed?

While not everyone affected had the same type of data compromised, the company stated that hackers may have accessed a combination of the following:

• Full names and contact details

• Birth dates

• Government-issued ID numbers

• Bank account details

• Health and workers’ compensation records

• Job-related documents


The breach does not appear to involve customer information, according to the company’s internal review. In Maine alone, over 95,000 individuals were impacted, triggering formal notification procedures as required by law.


Company’s Response and Next Steps

Following the discovery of the breach on November 6, 2024, Ahold Delhaize immediately launched an investigation and worked to contain the attack. Temporary service disruptions were reported, including issues with pharmacies and delivery services.

To assist those affected, the company is offering two years of free credit and identity monitoring through a third-party provider. It has also engaged external cybersecurity experts to further review and enhance its systems.


Ransomware Group Possibly Involved

Although Ahold Delhaize has not officially identified the group behind the attack, a ransomware operation known as INC Ransom reportedly claimed responsibility earlier this year. Files believed to be taken from the company were published on the group’s leak site in April.

Cybersecurity professionals say the exposed information could be used for identity theft and financial fraud. Experts have advised affected individuals to monitor their credit reports and, where possible, lock their credit files as a precautionary measure.


A Growing Concern for the Sector

Cyberattacks on retail and food service companies are becoming more frequent and severe. According to researchers, this incident stands out due to the unusually high number of records affected. The average breach in this sector usually involves far fewer data points.

Security specialists say such events highlight the urgent need for stronger protection strategies, including multi-factor authentication, network segmentation, and stealth technologies that reduce exposure to cyber threats.


Ahold Delhaize at a Glance

Headquartered in the Netherlands and Belgium, Ahold Delhaize operates more than 9,400 stores worldwide and serves roughly 60 million customers each week. In 2024, the company recorded over $100 billion in global sales.

As the investigation continues, the company has pledged to strengthen its data safeguards and remain vigilant against future threats.

Read more »
Vulnerability
Breach Cyber Security Data DragonForce MSP Ransomware Retail SimpleHelp Sophos Vulnerability

DragonForce Targets MSPs Using SimpleHelp Exploit, Expands Ransomware Reach

 


The DragonForce ransomware group has breached a managed service provider (MSP) and leveraged its SimpleHelp remote monitoring and management (RMM) tool to exfiltrate data and launch ransomware attacks on downstream clients.

Cybersecurity firm Sophos, which was brought in to assess the situation, believes that attackers exploited a set of older vulnerabilities in SimpleHelp—specifically CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726—to gain unauthorized access.

SimpleHelp is widely adopted by MSPs to deliver remote support and manage software deployment across client networks. According to Sophos, DragonForce initially used the compromised tool to perform system reconnaissance—gathering details such as device configurations, user accounts, and network connections from the MSP's customers.

The attackers then moved to extract sensitive data and execute encryption routines. While Sophos’ endpoint protection successfully blocked the deployment on one customer's network, others were not as fortunate. Multiple systems were encrypted, and data was stolen to support double-extortion tactics.

In response, Sophos has released indicators of compromise (IOCs) to help other organizations defend against similar intrusions.

MSPs have consistently been attractive targets for ransomware groups due to the potential for broad, multi-company impact from a single entry point. Some threat actors have even tailored their tools and exploits around platforms commonly used by MSPs, including SimpleHelp, ConnectWise ScreenConnect, and Kaseya. This trend has previously led to large-scale incidents, such as the REvil ransomware attack on Kaseya that affected over 1,000 businesses.

DragonForce's Expanding Threat Profile

The DragonForce group is gaining prominence following a string of attacks on major UK retailers. Their tactics reportedly resemble those of Scattered Spider, a well-known cybercrime group.

As first reported by BleepingComputer, DragonForce ransomware was used in an attack on Marks & Spencer. Shortly after, the same group targeted another UK retailer, Co-op, where a substantial volume of customer data was compromised.

BleepingComputer had earlier noted that DragonForce is positioning itself as a leader in the ransomware-as-a-service (RaaS) space, offering a white-label version of its encryptor for affiliates.

With a rapidly expanding victim list and a business model that appeals to affiliates, DragonForce is cementing its status as a rising and formidable presence in the global ransomware ecosystem.
Read more »
ScatteredSpider
Cyberattack Cybersecurity Data Breach DragonForce Extortion Hacking Ransomware Retail ScatteredSpider

Marks & Spencer Cyberattack Fallout May Last Months Amid Growing Threat from Scattered Spider

 

Marks & Spencer is facing prolonged disruption after falling victim to a large-scale cyberattack. Experts warn that restoring normal operations could take months, highlighting a growing trend of sophisticated breaches targeting major retailers. This incident follows a wave of cyber intrusions, including those at Co-op and Harrods, allegedly orchestrated by the same hacking collective — Scattered Spider.

Described by ITPro as “the name on every security practitioner's mind right now,” Scattered Spider has gained notoriety for its aggressive tactics and global reach.

“Scattered Spider is one of the most dangerous and active hacking groups we are monitoring,” said Graeme Stewart of Check Point to Sky News.

Believed to be composed mainly of young, English-speaking individuals based in the UK and US, the group has reportedly executed over 100 cyberattacks since emerging in 2022. These attacks span sectors like telecommunications, finance, retail, and gaming.

One of their most prominent exploits occurred in 2023, when they severely disrupted two leading casino operators. Caesars Entertainment reportedly paid about $15 million to recover access, while MGM Resorts suffered estimated damages of around $100 million due to compromised customer data.

What makes Scattered Spider particularly elusive is its decentralized structure and independence from state backing. “They operate more like an organised criminal network, decentralised and adaptive,” Stewart added. Even after multiple arrests in the US and Europe, the group continues to rebound swiftly. “This is not a loose group of opportunistic hackers,” he emphasized.

Rather than relying solely on software flaws, Scattered Spider frequently exploits human error. The M&S and Co-op attacks, for example, were the result of “social engineering,” where attackers manipulated employees into revealing credentials.

Their tactics include mimicking corporate emails, sim swapping (cloning a phone number to hijack accounts), and building convincing fake login portals. “This is akin to ‘breaking down the front door’ of networks,” Paul Cashmore, CEO of Solace Cyber, told The Times. Once inside, Scattered Spider typically partners with ransomware gangs to carry out the final blow.

In these recent cases, the group appears to have collaborated with DragonForce, a ransomware cartel. Initially known as a pro-Palestinian hacktivist group based in Malaysia, DragonForce now operates a “ransomware-as-a-service” model. According to Bleeping Computer, they allow affiliates to use their tools and infrastructure in exchange for 20-30% of ransom payments.

The core motivation is financial gain. DragonForce reportedly reached out to the BBC claiming the Co-op breach was more severe than disclosed, hinting at an extortion attempt.

Organizations like the Co-op, which house personal data of millions, are prime targets. Once a system is locked, hackers demand large ransoms in return for decryption tools and promises to delete stolen data. “If a ransom is not paid, the ransomware operation typically publishes the stolen data on their dark web data leak site,” Bleeping Computer explained.

Whether or not to pay remains a complex dilemma. “Paying may provide a quick way to restore operations, protect customer data and limit immediate financial and reputational damage,” noted The Times. However, it also risks emboldening cybercriminals and marking companies as future targets.
Read more »
Supermarket
Cybersecurity Data Breach Ransomware Retail Supermarket

Ahold Delhaize Confirms Data Breach Following Cyberattack in U.S. Operations

 

Ahold Delhaize, one of the globe’s leading food retail giants, has officially acknowledged a data breach involving sensitive information from its U.S. operations following a cyberattack in November 2024.

The confirmation followed after ransomware group INC Ransom listed the company on its leak site, sharing alleged stolen documents as proof of the breach.

"Based on our investigation to date, certain files were taken from some of our internal U.S. business systems," a spokesperson for Ahold Delhaize told BleepingComputer. "Since the incident was detected, our teams have been working diligently to determine what information may have been affected."

In November 2024, Ahold Delhaize had disclosed a cybersecurity breach that prompted the temporary shutdown of segments within its IT infrastructure. The disruption impacted some of its U.S. brands and services, including pharmacies and e-commerce operations.

"This issue and subsequent mitigating actions have affected certain Ahold Delhaize USA brands and services including a number of pharmacies and certain e-commerce operations," the company stated at the time.

The investigation remains ongoing. The company has assured that if any personal data is confirmed to be compromised, affected individuals will be notified accordingly.

"If we determine that personal data was impacted, we will notify affected individuals as appropriate. In addition, we have notified and updated law enforcement," Ahold Delhaize added.

While the full impact is yet to be determined, the company emphasized that all stores and online platforms are functioning normally. The spokesperson confirmed that customers should not expect any disruptions as a result of the breach.

As a Dutch-Belgian multinational with over 7,900 stores across Europe, the U.S., and Indonesia, Ahold Delhaize caters to around 72 million shoppers each week, making the protection of customer data critical.
Read more »
Subscribe to: Posts (Atom)