Discount retailer Dollar Tree was hit by a data breach when third-party service provider Zeroed-In Technologies fell victim, affecting almost 2 million customers. It may probably be the biggest indirect damage of the hack throughout the last years.
Data Breach in Zeroed-In Affects Dollar Tree
Popular discount retailer Dollar Tree has revealed that they were impacted by a data breach from a cyberattack on one of their third-party vendors, Zeroed-In Technologies. The breach is believed to have exposed the personal details of almost 2 million people. It primarily consists of current and former Dollar Tree and Family Dollar employees.
The incident first came to light on November 21, 2023. Then, the company sent notification letters to those affected on behalf of Zeroed-In. According to the letter, Zeroed-In experienced a security breach in early August 2023. This resulted in unauthorized access to internal systems containing sensitive personal information.
Zeroed-In Hack Sets Up Multiple Companies
While Zeroed-In has not confirmed which files were accessed, their investigation determined next. The accessed systems contained names, dates of birth, and SSNs belonging to individuals associated with Dollar Tree and Family Dollar. This suggests a high likelihood that this sensitive data on nearly 2 million people may have been compromised.
In response to the data breach, Zeroed-In stated that they will provide victims with 12 months of identity protection and credit monitoring services free of charge. Additionally, the company is currently undertaking efforts to enhance its security and ensure better protection of data. When reached for comment, Family Dollar representatives provided the following statement:
This indicates Dollar Tree became aware of the breach after being contacted by the vendor once the incident had already occurred. As of now, no evidence points to Dollar Tree or Family Dollar’s systems being directly compromised. Moreover, no major cybercrime groups stated about hacking Dollar Tree. Which means the breach may not have as much impact as expected.
Legal Ramifications and Investigations
At this time, the full impact of the data breach remains unclear. While Dollar Tree has confirmed receiving notice of the incident, other clients of Zero-Tech have yet to disclose whether their data was involved as well. Nonetheless, the massive scale of the breach has already garnered high-profile attention from state Attorney Generals and class-action lawsuit attorneys seeking accountability for the security lapse.
Without prompt and effective response, diminished consumer trust in Dollar Tree’s ability to safeguard data can be anticipated. Legal experts warn that companies are still responsible for vetting and auditing the data security of third-party partners handling sensitive customer or employee information. So, failure to ensure adequate protection exposes organizations to legal, financial, and reputational damages in an incident like this.
Data Breach Trends are Concerning
This marks the third major retail data breach disclosed in 2023 alone, following incidents at Walmart and Wawa earlier this year. Despite retailers increasingly transitioning to EMV chip-enabled payment systems, cybercriminals continue finding alternative methods of monetizing consumer data. Law enforcement officials continue investigating the technical details surrounding this latest breach.
In the meantime, consumers worried their personal information was exposed in the Dollar Tree/Zeroed-In breach. In addition, they can enroll in the free identity protection services being offered. They also remain vigilant for any suspicious activity on their accounts. Experts also advise setting up fraud alerts and credit freezes. This is a helpful precaution until investigations shed more light on the scope and severity of stolen data.