Dollar Tree confirms significant data breach

In a data breach notification filed with the Maine Attorney General, the company’s service provider Zeroed-In Technologies was breached, and sensitive data from its client stolen over August 7 and 8 2023. 

Potential for class-action lawsuits

So far, it was confirmed that at least some of the data belonged to the employees of Dollar Tree and Family Dollar.

"While the investigation was able to determine that these systems were accessed, it was not able to confirm all of the specific files that were accessed or taken by the unauthorized actor," the company said in a letter sent to the victims, BleepingComputer reports. 

"Therefore, Zeroed-In conducted a review of the contents of the systems to determine what information was present at the time of the incident and to whom the information relates."

Besides notifying the victims, Zeroed-In enrolled them in a year-long identity protection and credit monitoring service.

The media are also reporting that different law firms started investigating the breach to see if there is any potential for a class-action lawsuit against Zeroed-In.

Console & Associates, for example, set up a dedicated landing page saying “Our data breach lawyers are eager to speak to victims of the ZeroedIn Technologies data breach to determine what damages they sustained and what compensation may be available to them.”

The company is currently silent on the matter, as there is nothing on its newsroom site or Twitter. The type of attack that Zeroed-In suffered remains a mystery. We don’t know if it was infostealing malware, or if the company suffered a ransomware attack.

More from TechRadar Pro

• Gulf Air hit with data breach, customer data possibly affected
• Here's a list of the best firewalls around today
• These are the best malware removal tools right now