Skip to main content
data on computer screen

Dollar Tree Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The data privacy lawyers at The Lyon Firm are investigating a recently reported data breach allegedly involving 1.2 terabytes of stolen Dollar Tree data. The breach has been claimed by the INC Ransom ransomware group, and if confirmed, could potentially impact a large amount of sensitive personal and corporate data. Victims are urged to take proactive steps to minimize privacy risks, and to contact an experienced data breach attorney to learn more about filing class action data breach claims.

What Happened at Dollar Tree?

The Dollar Tree data breach was first reported when INC Ransom posted the company’s name on its dark web leak site, claiming to have compromised the company’s systems. The group alleges it extracted a large amount of data, including payroll forms, job letters, legal correspondence, and complaints detailing sensitive employee issues like harassment and discrimination.

Initial reports suggest the incident may be linked to Dollar Tree’s 2024 acquisition of 99 Cents Only Stores, with stolen data possibly originating from the acquired entity’s legacy systems. IT is important to note that Dollar Tree has contested these claims and has not officially confirmed the breach.

The exposure of any personal data poses serious privacy risks, particularly when coupled with Social Security numbers and other personal details. Victims’ risk of fraud and identity theft increase dramatically following data theft incidents. The Dollar Data data’s potential sale on the dark web, a common ransomware tactic, extends the threat, with sensitive records being quite valuable. The allegedly leaked dataset includes the following:

  • Employee Personally Identifiable Information (PII), including a passport card
  • Confidential employment offer letters containing salary information
  • Human Resources documents, such as associate separation forms
  • Internal records detailing harassment and discrimination allegations
  • Confidential legal communications with law firms
  • Signed Non-Disclosure Agreements (NDAs)
  • Internal company handbooks and policies

What Should you do Following a data breach?

Victims of data theft events can take certain precautions to protect themselves and loved ones, including the following:

  • Enroll in Credit Monitoring: Sign up for any free services offered to track credit report changes and receive fraud alerts.
  • Freeze Your Credit: Contact Equifax, Experian, and TransUnion to lock credit files, preventing new account openings without consent.
  • Monitor Financial Accounts: Regularly check bank statements, credit cards, and medical bills for unauthorized transactions or charges.
  • Strengthen Online Security: Update passwords to unique, strong combinations and enable two-factor authentication (2FA) on all accounts.
  • Beware of Phishing: Be cautious of emails or calls claiming to address the breach.
  • Shred Sensitive Documents: Dispose of physical records securely to prevent additional exposure.
  • Consider Taking Legal Action: Consult an attorney and consider filing a data breach lawsuit if damages occur, as class actions can seek compensation and punitive damages.

Victims of any data security incident should remain vigilant, as the full ramifications may unfold over time, turning a privacy crisis into a personal call to action. Our data privacy lawyers have settled numerous data breach lawsuits, and we represent clients in all fifty states.