Dollar Tree data breach exposes names, birthdates and SSNs of almost 2 million people — what to do next

Getting your Facebook hacked or having your computer infected with malware is one thing, but sometimes your personal data can end up in the hands of hackers even if you did nothing wrong.

For instance, a new data breach affecting the popular discount store chain Dollar Tree has exposed the names, dates of birth and Social Security numbers (SSNs) of almost 2 million former and current Dollar Tree and Family Dollar employees.

As reported by BleepingComputer, Dollar Tree and Family Dollar have 16,622 retail locations in the U.S. and Canada. Now though, the retail chain’s employees could be at risk of targeted phishing attacks and other cyberattacks following a security incident that occurred between August 7 and 8 of this year.

During the security incident in question, the hackers responsible managed to access the systems of a third-party service provider used by Dollar Tree and steal loads of sensitive data. Whether you currently work at Dollar Tree or Family Dollar, used to work for the company or know someone who does, here’s everything you need to know about this data breach and what steps you can take next.

Third-party service provider to blame

Just like with many of the other data breaches we’ve seen in the past, this one didn’t occur as a result of negligence on Dollar Tree’s part. Instead, Zeroed-In, a third-party service provider used by the company (and many others, for that matter), was the one that fell victim to a security incident back in August.

In a letter sent to those affected by the breach, Zeroed-In explained that its initial investigation was able to determine that its systems had been accessed by hackers. However, the company could not confirm the specific files that were “accessed or taken by the unauthorized actor.”

From here, Zeroed-In conducted a review of what was on its systems at the time of the attack in order to find out exactly what kind of personal information may have been exposed.

While we know that both Dollar Tree and Family Dollar were affected as a result of this data breach, since other companies also use Zeroed-In’s HR analytics platform, the fallout could be even bigger. We’ll update this piece if that does turn out to be the case.

What to do after your personal info was exposed in a data breach

If you are a current or former Dollar Tree or Family Dollar employee, you likely have received or will receive a letter from Zeroed-In informing you of this data breach. 

The letter itself provides some guidance on what to do next and explains that Zeroed-In will provide affected individuals with single-bureau credit monitoring and identity theft protection from IdentityForce for the next 12 months. However, you will need to log in to IdentityForce’s site and provide the unique code contained in the letter to activate the service.

In addition to taking advantage of this offer, you’re also going to want to keep a close eye on your bank statements for signs of fraud like large transactions you don’t remember making. Since the hackers responsible also managed to steal users’ SSNs, they could even take out a loan or sign up for a credit card in your name.

Data breaches like the one described above happen more often than you’d think. However, if you are proactive and take advantage of the offers and support provided by the company that suffered one, you’re less likely to have your identity stolen. Still though, there’s nothing worse than ending up in a situation like this when you did nothing wrong on your end.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.