The names, dates of birth and Social Security numbers belonging to individuals associated with Dollar Tree and Family Dollar have been exposed in a recent cyberattack.
Dollar Tree Inc. has experienced a data breach that exposed the names, dates of birth and/or Social Security numbers of former and current Dollar Tree and Family Dollar employees.
The breach originated with Dollar Tree’s third-party service provider, Zeroed-In Technologies. The Linthicum, Md.-based workforce analytical services provider fell victim to a security incident back in August.
According to a filing with the Maine Attorney General’s Office: “On Aug. 8, 2023, Zeroed-In discovered suspicious activity related to certain network systems. Zeroed-In immediately took steps to secure the systems and launched an investigation into the nature and scope of the activity. Through the investigation, it was determined that an unauthorized actor gained access to certain systems between Aug. 7, 2023 and Aug. 8, 2023.”
A Dollar Tree representative provided the following statement to Progressive Grocer: "Zeroed-In is a vendor that we and other companies use. They informed us that they identified a security incident, and they provided notice of the incident to current and former employees."
It’s unclear how many Dollar Tree and Family Dollar employees are affected in total, although 7,034 were listed on the breach notice for the state of Maine.
The Zeroed-In breach is believed to have affected roughly 2 million individuals in total.
[Read more: "Weis Markets Responds to Data Incidents at 2 Locations"]
The individuals who were affected are being offered 12 months of free credit-monitoring services through TransUnion as well as proactive fraud assistance.
Stolen data such as names, Social Security numbers and birthdays can be used for identity theft, which thieves can use to commit crimes under an individual's name or to damage a person's reputation. The Identity Theft Resource Center tracked 2,116 data compromises in the first three quarters of 2023, breaking the all-time high of 1,862 compromises in 2021.
According to The Street, hackers can also use stolen data to make a profit by selling it to the dark web. For example, a Social Security number can sell for roughly $1 each on the dark web, according to an estimate from Keeper Security. Complete medical records are the most profitable for cybercriminals as they can sell for up to $1,000 each.
Chesapeake, Va.-based Dollar Tree operates 16,476 Dollar Tree and Family Dollar stores across 48 states and five Canadian provinces as of July 29. The company is No. 21 on The PG 100, Progressive Grocer’s 2023 list of the top food and consumables retailers in North America.