2 days Ago
Like any business worth its salt, food retailer Ahold Delhaize, operator of 2,000 supermarkets along the East Coast from Maine to Georgia, had assessed its exposure and defenses accordingly. Then a “network issue” hit early this month, clarified a few days later to be a “cybersecurity issue,” and it has taken some time to restore order at Ahold’s five supermarket chains: Hannaford and Stop & Shop in New York and New England; Food Lion in the Southeast; and Giant and The Giant Co. in the Mid-Atlantic.
At some stores, payment and pharmacy services were affected for a time; at others, inventories ran low. Locally, Hannaford’s website was unavailable for 10 days to take grocery orders. All stores remained open, though.
Ahold, which is based in the Netherlands and operates a dozen other grocery chains in Europe, has been tight-lipped about the disruption, other than to say it was confined to the U.S. holdings.
“External cybersecurity experts” were engaged after detection, according to the company, and law enforcement was notified. About 60% of Ahold’s overall revenue comes from its U.S.
stores, and some 8% of U.S. sales occur online.
U.S. sales totaled $59 billion in 2023.
Just a day before problems began, Ahold posted 2024 third-quarter results in a 33-page report that included a short narrative on “risks and uncertainties.” Listed among them were geopolitical tensions and weather events like Hurricane Helene, which pummeled the Southeast. Readers were directed to the annual report released in February for a more comprehensive analysis of the principal risks, and it is there that Ahold lays out and categorizes them as strategic, operational, compliance, governance and financial.
Cybersecurity falls into the operational bucket, and is rated as critical with the risk trend increasing. A “critical” rating is described as having the potential for a permanent, negative impact on global or local brand reputation and/or costing more than $100 million. Ahold says in the annual report that by integrating in-store and online operations for a more seamless, omnichannel shopping experience, its “attack surface” has grown, drawing more attempts by outsiders to access systems.
“And, although there has been no direct impact to our organization to date” — remember, this was in early 2024 — “there has been a continued increase in the frequency and size of payouts by companies whose systems and data have been exploited by malicious hackers.” The annual report says Ahold has a global framework in place across regions and brands to mitigate risk, with prevention and detection measures that include employee training and the monitoring of third-party service providers. “We consistently improve, tighten and invest in our cyber-defense capabilities to keep pace with the evolving threats facing our company.
” The cost of this month’s disruption likely won’t be detailed by Ahold until release of fourth-quarter and full-year results, scheduled for Feb. 12. -.
