Family Dollar & Dollar Tree Bleed Consumer Data Following Cyberattack
Table of Contents
- By Steven
- Dec 01, 2023
In 2015, Family Dollar acquired its biggest competitor, Dollar Tree. Family Dollar is one-half of a consumer’s dream; they offer low-priced goods for families in 8,200 locations nationwide. The other half of the business offers even lower deals. Dollar Tree provides options for $1 purchases at 15,000 locations throughout the states. Now, branches are sporting both company’s colors, wares, and deals. Cybercriminals recently breached one of their third-party analytic groups, exposing nearly 2 million consumer records.
How Did the Attack Occur?
Analytics provider and human resource management solution Zeroed-In Technologies suffered a cybersecurity event impacting Family Dollar and Dollar Tree consumers. Investigations are ongoing. Subsequently, there is not a lot of public information about the event. Zeroed-In discovered suspicious activity within their network systems and then immediately took action to investigate. They determined an unauthorized actor gained access to specific systems during the event; the systems presumably included the consumer data of Dollar Tree customers in Virginia.
What Information Was Viewed or Stolen?
According to the consumer notification published by the Attorney General of Maine, there are significant identity losses from this breach. Consumer names, birthdays, and Social Security Numbers were all exposed in the incident. However, because investigations are ongoing, the complete scale of the exposures remains uncertain. Consumers who had data stolen in this attack must take steps to prevent the misuse of their information.
How Did Family Dollar & Dollar Tree Admit to the Breach?
The threat actors began their attack on or around August 7th, 2023; a day later, officials discovered the breach, causing an immediate defense response. A few weeks later, around August 31st, experts completed their preliminary investigations and presumably began notifying organizations, including Dollar Tree. Months passed, and around November 27th, officials sent notices to those believed to have had exposures. It may take up to two weeks for those impacted to receive a corresponding physical notice; however, consumers don’t have to wait for a notice to start protecting themselves and their data.
What Will Become of the Stolen Information?
The compromised information in this breach contains mostly identity elements from what is publicly known. Although mundane, stolen data is enough to severely impact the owner of the information if misused by cybercriminals. From using it to commit fraudulent crimes to impersonation plots, identity data is sensitive information that consumers must protect. Until the ongoing investigations are complete, impacted consumers should take related defenses.
What Should Affected Parties Do in the Aftermath of the Breach?
Although investigations are ongoing, those who believe they had information stolen in the event must invest in safeguards. Consumers don’t need to wait for their notice to start defensive action. Identity monitoring services can instantly notify account holders of suspicious activity within networks and databases. Third-party password managers can maintain and generate complex, difficult-to-break passcodes. While multi-factor authentications also protect data by putting additional credential requirements at every entry gate. The consequences of this breach are unknown, but consumers can mitigate damages—and often prevent information misuse altogether—by acting now.