Dollar Tree Hit By Third-Party Data Breach Impacting 2 Million People

Dollar Tree was impacted by a third-party data breach stemming from the hack of service provider Zeroed-In Technologies. According to Bleeping Computer, nearly two million customers have been affected. "The information stolen during the attack includes names, dates of birth, and Social Security numbers (SSNs)." From the report: According to a data breach notification shared with the Maine Attorney General, Dollar Tree's service provider, Zeroed-In, suffered a security incident between August 7 and 8, 2023. As part of this cyberattack, the threat actors managed to steal data containing the personal information of Dollar Tree and Family Dollar employees. "While the investigation was able to determine that these systems were accessed, it was not able to confirm all of the specific files that were accessed or taken by the unauthorized actor," reads the letter sent to affected individuals. "Therefore, Zeroed-In conducted a review of the contents of the systems to determine what information was present at the time of the incident and to whom the information relates."

The information stolen during the attack includes names, dates of birth, and Social Security numbers (SSNs). Zeroed-In has notified the affected individuals and enclosed instructions on enrolling in a twelve-month identity protection and credit monitoring service. Other Zeroed-In customers apart from Dollar Tree and Family Dollar may have also been impacted by the security breach, but this hasn't been confirmed yet. Meanwhile, the scale of the data breach has already triggered investigations from law firms looking into a potential class-action lawsuit against Zeroed-In.

Dollar Tree Customers

[PPH]

The information stolen during the attack includes names, dates of birth, and Social Security numbers (SSNs).

How do they come to possess such customer data? The most valuable thing that I'd hand over in a transaction with them has a picture of George Washington on it. Maybe Lincoln if I'm feeling particularly pecunious.

Re:Dollar Tree Customers

[VampireByte]

I think the summary is incorrect in stating "customers" because the article says it was employee data.

Re:Dollar Tree Customers

[Shakrai]

I'm torn between my usual bitch about the absurdity of thinking 12 months of a shitty credit "monitoring" service (they do nothing you can't do for yourself) is just compensation for these data breaches and just throwing up my hands in despair and saying "Fuck it"

It's already out there anyway thanks to these assholes [equifax.com]. Were I dictator for a day, I'd pass a law making the freezing of credit reports the default and do away with the absurd American notion that you can validate someone's identity with SSN + DOB and (occasionally) a handful of questions from public records databases any sufficiently motivated person with Google could figure out.

I can't buy fucking beer without surrendering my driver's license (semi-related bitch: nowadays, retailers frequently scan it without revealing how long they're keeping the data or what they're using it for, *sigh*, have we learned nothing?) but I can open a five digit line of credit by providing two bits of information already known to be compromised?

Re:

[drinkypoo]

Dunno about where you are but where I am (Humboldt County, CA) the only retailer that scans my card is Grocery Outlet. Literally nowhere else scans my ID for alcohol; Not liquor stores, nor gas stations, nor other food markets.

I've been assuming that the places that do it have been busted selling to minors repeatedly, but maybe they're just monetizing my PII.

Re:

[Shakrai]

They ALL scan the ID here.

I give them my passport card [wikipedia.org], which lacks a scannable barcode. 9 out of 10 times that creates additional drama because they then need a manager override to clear you through the point of sale system. The logic of this escapes me. They might claim they're trying to prevent underage sales but what stops a nefarious cashier from simply scanning anyone's valid ID to clear a sale for an underage friend?

but maybe they're just monetizing my PII

This is why I refuse to play ball with it. Post a privacy policy and tell me wh

Re:

[radarskiy]

The breach is at Zeroed-In, so "customers" refers to customers of Zeroed-In and "customer data" refers to data on the employees of customers of Zeroed-In.

I got a Mountain Holler habit

[byronivs]

They're gonna find out about it.

Is it really a breach?

[Burdell]

Or did somebody just stumble over a box of hard drives in the aisle while trying to get their overpriced and undersized goods?

Re:

[freeze128]

If you think Dollar Tree is "overpriced", I would like to know where you normally shop.

Re:

[Burdell]

It's overpriced for what you get. I read recently someone compared price-per-unit between dollar stores and big-box (Wal-Mart and Target) discount stores - the dollar stores were always more expensive. You paid less at the dollar stores, but the amount of product you got was significantly less. Like soap - you might get 4oz of soap for $1 at the dollar stores, but you'd get 12oz of soap for $2 at the big-box stores. That's what I call overpriced.

Employees + family = 2 million!?!?

[G00F]

How the.... I didn't even think they had more customers than 2 million let alone employees and family?I work for a large company with ~11,000 employees, pretend each employee represented a family of 4 and claim 100% replacement rate over 10 years that's only 88,000...

Re:

[VampireByte]

Do you have a Dollar Tree near you? The employee turnover in those stores is amazing, it's like almost everybody in town has worked there at some point for a few weeks and quit.

Re:

[pixelpusher220]

16,000+ stores.

Re:

[unrtst]

Even more...
16,000+ stores for Dollar Tree.
8,200+ stores for Family Dollar.