Dollar Tree has disclosed a data breach in which the information relating to nearly 2 million current and former employees has been stolen following a breach at a third-party provider.
In a filing with the Office of the Maine Attorney General, it has stated that 1,997,486 people had been affected in the breach that occurred on Aug. 7 and 8. Zeroed-In is a people analytics and data management company providing Dollar Tree with workforce analytical services.
Zeroed-In, in a letter to its affected customers, said that it discovered suspicious activity related to certain network systems on Aug. 8 and then took steps to secure the systems and launched an investigation into the nature and scope of the activity. The investigation subsequently determined that an unauthorized actor gained access to certain systems.
After the initial investigation could not determine what was stolen, a subsequent investigation completed on Aug. 31 found that data potentially stolen included names, dates of birth and Social Security numbers. The company also ticked off the other standard responses to a data breach: informing law enforcement, reviewing policies and informing those affected, including offering 12 months of credit monitoring services.
The silence from Dollar Tree itself comes as a surprise despite the breach affecting its employees. It has only commented that “Zeroed-In is a vendor that we and other companies use,” that Dollar Tree had been informed of the security incident and that Zeroed-In had “provided notice of the incident to current and former employees.”
The breach may also result in legal action, with law firm Console & Associates P.C. currently investigating a potential class-action lawsuit against Zeroed-In.
