- 칼럼 | 적절한 의도와 잘못된 주체…오픈AI '심플QA'의 한계
- I spent the weekend reading on Amazon's newest Kindle - and it's more capable than it looks
- One of the best cheap Android tablets I've tested isn't made by Samsung or TCL
- Traveling for the holidays? Google Maps uncovers 'hidden gems' to add to your route now
- Gemini Live is available to all iOS and Android users now - for free. How to try it
Thousands of Dollar Tree Staff Hit by Supplier Breach
A major data breach at IT provider Zeroed-In Technologies has impacted two million end users, including thousands of Dollar Tree and Family Dollar employees, the firm has admitted.
A breach notification published by the Office of the Maine Attorney General revealed that a total of 1,977,486 users were impacted by the incident on August 7-8 2023.
“Through the investigation, we determined that an unauthorized actor gained access to certain systems between August 7, 2023, and August 8, 2023. While the investigation was able to determine that these systems were accessed, it was not able to confirm all of the specific files that were accessed or taken by the unauthorized actor,” the noticed explained.
“Therefore, Zeroed-In conducted a review of the contents of the systems to determine what information was present at the time of the incident and to whom the information relates.”
Read more on supplier breaches: Just 3% of UK Firms Escaped a Supply Chain Breach in 2021
The workforce analytical services provider found that names, dates of birth and Social Security numbers were stolen by the threat actor. It is offering free credit monitoring services for a year to affected individuals.
However, these details could be highly monetizable for fraudsters, particularly Social Security details which are useful for opening new credit lines and bank accounts.
It’s unclear how many Dollar Tree and Family Dollar employees are impacted in total, although 7034 were listed on the breach notice for the state of Maine.
According to lawyers at The Lyon Firm, the Zeroed-In platform is used by more than 70 businesses and has over 30,000 registered users.
The firm is currently mulling legal action to recover damages and hold negligent parties to account – a common risk for breached organizations.
“We strongly believe that any organization that collects and stores your personal data has a duty to protect it with reasonably secure IT data security,” it wrote. “Should data security systems fail and sensitive personal data is breached, legal action may be necessary.”
Image credit: Jonathan Weiss / Shutterstock.com