- Trump taps Sriram Krishnan for AI advisor role amid strategic shift in tech policy
- Interpol Identifies Over 140 Human Traffickers in New Initiative
- 5 network automation startups to watch
- 4 Security Controls Keeping Up with the Evolution of IT Environments
- ICO Warns of Festive Mobile Phone Privacy Snafu
Thousands of Dollar Tree Staff Hit by Supplier Breach
A major data breach at IT provider Zeroed-In Technologies has impacted two million end users, including thousands of Dollar Tree and Family Dollar employees, the firm has admitted.
A breach notification published by the Office of the Maine Attorney General revealed that a total of 1,977,486 users were impacted by the incident on August 7-8 2023.
“Through the investigation, we determined that an unauthorized actor gained access to certain systems between August 7, 2023, and August 8, 2023. While the investigation was able to determine that these systems were accessed, it was not able to confirm all of the specific files that were accessed or taken by the unauthorized actor,” the noticed explained.
“Therefore, Zeroed-In conducted a review of the contents of the systems to determine what information was present at the time of the incident and to whom the information relates.”
Read more on supplier breaches: Just 3% of UK Firms Escaped a Supply Chain Breach in 2021
The workforce analytical services provider found that names, dates of birth and Social Security numbers were stolen by the threat actor. It is offering free credit monitoring services for a year to affected individuals.
However, these details could be highly monetizable for fraudsters, particularly Social Security details which are useful for opening new credit lines and bank accounts.
It’s unclear how many Dollar Tree and Family Dollar employees are impacted in total, although 7034 were listed on the breach notice for the state of Maine.
According to lawyers at The Lyon Firm, the Zeroed-In platform is used by more than 70 businesses and has over 30,000 registered users.
The firm is currently mulling legal action to recover damages and hold negligent parties to account – a common risk for breached organizations.
“We strongly believe that any organization that collects and stores your personal data has a duty to protect it with reasonably secure IT data security,” it wrote. “Should data security systems fail and sensitive personal data is breached, legal action may be necessary.”
Image credit: Jonathan Weiss / Shutterstock.com