Retail giant Dollar Tree is the latest victim in a long list of supply-chain attacks.
According to a data breach notification filed with the Maine Attorney General, the company’s service provider, Zeroed-In Technologies, was breached and sensitive data belonging to its client was stolen.
Almost two million people were affected by the breach, the filing states, as names, dates of birth, and Social Security numbers (SSNs) were all taken. The attack apparently happened on August 7 and 8 of this year.
Potential for class-action lawsuits
So far, it has been confirmed that at least some of the data belonged to the employees of Dollar Tree and Family Dollar. There’s a possibility that data belonging to other Zeroed-In customers was also taken, but that hadn’t been confirmed at press time.
“While the investigation was able to determine that these systems were accessed, it was not able to confirm all of the specific files that were accessed or taken by the unauthorized actor,” the company said in a letter sent to the victims, BleepingComputer reports.
“Therefore, Zeroed-In conducted a review of the contents of the systems to determine what information was present at the time of the incident and to whom the information relates.”
Besides notifying the victims, Zeroed-In enrolled them in a year-long identity protection and credit monitoring service.
The media are also reporting that different law firms have started investigating the breach to see if there is any potential for a class-action lawsuit against Zeroed-In.
Console & Associates, for example, set up a dedicated landing page saying “Our data breach lawyers are eager to speak to victims of the ZeroedIn Technologies data breach to determine what damages they sustained and what compensation may be available to them.”
The company is currently silent on the matter, as there is nothing on its newsroom site or Twitter. The type of attack that Zeroed-In suffered remains a mystery. We don’t know if it was infostealing malware, or if the company suffered a ransomware attack.