Dollar Tree, a discount store chain operating across 23,000 locations in the United States and Canada, faced the repercussions of a third-party data breach that affected 1,977,486 individuals. The breach occurred as a result of a cyberattack on Dollar Tree’s service provider, Zeroed-In Technologies.
According to a data breach notification shared with Maine’s Attorney General, Zeroed-In experienced a security incident between August 7th and 8th, 2023. During this breach, threat actors gained unauthorized access to data containing the personal information of Dollar Tree and Family Dollar employees.
Although the investigation determined system access, the exact files accessed or taken by the unauthorized actors could not be entirely confirmed, leading Zeroed-In to review system contents to assess the information present during the incident and its corresponding individuals.
The stolen data comprises names, dates of birth, and Social Security numbers (SSNs) of the affected individuals. Zeroed-In promptly notified impacted individuals and provided guidance on enrolling in a twelve-month identity protection and credit monitoring service.
In response to inquiries, a spokesperson for Family Dollar, a part of Dollar Tree, affirmed Zeroed-In’s role as a vendor and their notification regarding the security incident, addressing current and former employees’ awareness.
Apart from Dollar Tree and Family Dollar, other clients of Zeroed-In might have also been affected by the breach, though confirmation of this remains pending.
