The INC Ransomware gang has claimed responsibility for a data breach at Dollar Tree, alleging the theft of 1.2 terabytes of sensitive data.The group published samples of this data on its leak site, threatening to release more unless ransom demands are met.
Main Incident
- The INC Ransomware gang publicly claimed to have breached Dollar Tree, stating it exfiltrated 1.2TB of sensitive data.
- The threat group published data samples, which included:
- Passport copies
- Filled payroll forms
- Job offer letters
- Various agreements
- Legal correspondence
- Employee complaints of harassment and discrimination
- INC Ransomware threatened to release the entire dataset unless ransom demands were met.
Dollar Tree’s Response
- Dollar Tree categorically denied that its own IT or corporate networks had been breached.
- The company clarified:
- The leaked files largely reference employees and operations of 99 Cents Only Stores.
- Dollar Tree recently acquired rights to store leases from 99 Cents Only after the latter’s closure in 2024.
- Dollar Tree did not acquire 99 Cents Only’s corporate entity, IT infrastructure, or any employee/customer data systems.
- Dollar Tree stated it has no evidence of a breach in its own networks or customer data as part of this incident.
Confirmation and Context
- Security journalists and researchers analyzed the data samples; they support Dollar Tree’s statement.
- Most leaked files are tied to 99 Cents Only Stores, not Dollar Tree.
- Data references activities and employees post-lease acquisition, but not ongoing Dollar Tree operations or personnel.
- No direct evidence has emerged showing that Dollar Tree’s own systems were compromised.
Ongoing Situation & Risks
- The incident remains under monitoring by cybersecurity firms and news outlets.
- The final status may change if new evidence surfaces or more data is released.
- At present, the only impact to Dollar Tree is reputational—there is no technical confirmation of breach or loss of its customers’ data.
Key takeaway: As of now, there is no confirmation that Dollar Tree’s own IT network or customer data was breached—INC Ransomware’s exposed data appears tied to the legacy systems of 99 Cents Only Stores, whose lease rights Dollar Tree acquired after the chain’s 2024 closure. Dollar Tree continues to monitor the situation.
