Dollar Tree data breach exposes names, birthdates and SSNs of almost 2 million people — what to do next

An open lock depicting a data breach
(Image credit: Shutterstock)

Getting your Facebook hacked or having your computer infected with malware is one thing but sometimes, your personal data can end up in the hands of hackers even if you did nothing wrong.

For instance, a new data breach against the popular discount store chain Dollar Tree has led to the names, dates of birth and Social Security numbers (SSNs) of almost 2 million former and current Dollar Tree and Family Dollar employees.

As reported by BleepingComputer, Dollar Tree and Family Dollar have 16,622 retail locations in the U.S. and Canada. Now though, the retail chain’s employees could be at risk of targeted phishing attacks and other cyberattacks following a security incident that occurred between August 7 and 8 of this year.

During the security incident in question, the hackers responsible managed to access the systems of a third-party service provider used by Dollar Tree and steal loads of sensitive data. Whether you currently work at Dollar Tree or Family Dollar, used to work for the company or know someone that does, here’s everything you need to know about this data breach and what steps you can take next.

Third-party service provider to blame

Just like with many of the other data breaches we’ve seen in the past, this one didn’t occur as a result of negligence on Dollar Tree’s part. Instead, a third-party service provider used by the company and many others for that matter named Zeroed-In was the one which fell victim to a security incident back in August.

In a letter sent to those affected by the breach, Zeroed-In explained that it’s initial investigation was able to determine that its systems had been accessed by hackers. However, the company could not confirm the specific files that were “accessed or taken by the unauthorized actor.”

From here, Zeroed-In conducted a review of what exactly was on its systems at the time of the attack in order to find out exactly what kind of personal information may have been exposed. 

While we know that both Dollar Tree and Family Dollar were affected as a result of this data breach, since other companies also use Zeroed-in’s HR analytics platform, the fallout could be even bigger. We’ll update this piece if that does turn out to be the case.

What to do after your personal info was exposed in a data breach

A woman looking at a smartphone while using a laptop

(Image credit: Shutterstock)

If you are a current or former Dollar Tree or Family Dollar employee, you likely have received or will receive a letter from Zeroed-In informing you of this data breach. 

The letter itself provides some guidance on what to do next and explains that Zeroed-in will provide affected individuals with single bureau credit monitoring and identity theft protection from IdentityForce for the next 12 months. However, you will need to log in to IdentityForce’s site and provide the unique code contained in the letter to activate the service.

In addition to taking advantage of this offer, you’re also going to want to keep a close eye on your bank statements for signs of fraud like large transactions you don’t remember making. Since the hackers responsible also managed to steal users’ SSNs, they could even take out a loan or sign up for a credit card in your name.

Data breaches like the one described above happen more often than you’d think. However, if you are proactive and take advantage of the offers and support provided by the company that suffered one, you’re less likely to have your identity stolen. Still though, there’s nothing worse than ending up in a situation like this when you did nothing wrong on your end.

More from Tom's Guide

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A picture showing different credit cards stacked on top of each other on a table
5 million Americans just had their credit card details leaked online — what to do now
An open lock depicting a data breach
More than 3.3 million people hit by employee screening data hack — what you need to know
An open lock depicting a data breach
3.5 million hit in major law firm data breach — full names, SSNs, dates of birth, addresses and more exposed
An open lock depicting a data breach
12 million hit in Zacks Investment data breach — how to protect yourself now
An open lock depicting a data breach
Massive healthcare data breach just exposed the personal info of 1 million Americans — what to do now
Image of man on computer with data security ecosystem
Over 900,000 Americans just had their personal and health info exposed in medical data breach — names, phone numbers, treatments and SSNs
Latest in Online Security
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
Google Chromecast
Google has a fix for broken Chromecasts as long as you didn't factory reset
NYTimes Connections
NYT Connections today hints and answers — Friday, March 14 (#642)
Nvidia ACE
I played with Nvidia's AI NPC prototypes — now they're real, and I fear I'll never finish a game again
Intel CPU
Intel's Panther Lake appears in public for the first time — what we know about the new chip
OnePlus Pad 2 with keyboard
OnePlus Pad 2 Pro specs leak — this tablet is a beast
Josh Hartnett in Trap
Netflix top 10 movies — here’s the 3 worth watching right now