Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Anthony Spadafora

Dollar Tree data breach exposes names, birthdates and SSNs of almost 2 million people — how to know if you’re affected

An open lock depicting a data breach.

Getting your Facebook hacked or having your computer infected with malware is one thing but sometimes, your personal data can end up in the hands of hackers even if you did nothing wrong.

For instance, a new data breach against the popular discount store chain Dollar Tree has led to the names, dates of birth and Social Security numbers (SSNs) of almost 2 million former and current Dollar Tree and Family Dollar employees.

As reported by BleepingComputer, Dollar Tree and Family Dollar have 23,000 retail locations in the U.S. and Canada. Now though, the retail chain’s employees could be at risk of targeted phishing attacks and other cyberattacks following a security incident that occurred between August 7 and 8 of this year.

During the security incident in question, the hackers responsible managed to access Dollar Tree’s systems and steal loads of sensitive data. Whether you currently work at Dollar Tree or Family Dollar, used to work for the company or know someone that does, here’s everything you need to know about this data breach and what steps you can take next.

Third-party service provider to blame

Just like with many of the other data breaches we’ve seen in the past, this one didn’t occur as a result of negligence on Dollar Tree’s part. Instead, a third-party service provider used by the company and many others for that matter named Zeroed-In was the one which fell victim to a security incident back in August.

In a letter sent to those affected by the breach, Zeroed-In explained that it’s initial investigation was able to determine that its systems had been accessed by hackers. However, the company could not confirm the specific files that were “accessed or taken by the unauthorized actor.”

From here, Zeroed-In conducted a review of what exactly was on its systems at the time of the attack in order to find out exactly what kind of personal information may have been exposed. 

While we know that both Dollar Tree and Family Dollar were affected as a result of this data breach, since other companies also use Zeroed-in’s HR analytics platform, the fallout could be even bigger. We’ll update this piece if that does turn out to be the case.

What to do after your personal info was exposed in a data breach

(Image credit: Shutterstock)

If you are a current or former Dollar Tree or Family Dollar employee, you likely have received or will receive a letter from Zeroed-In informing you of this data breach. 

The letter itself provides some guidance on what to do next and explains that Zeroed-in will provide affected individuals with single bureau credit monitoring and identity theft protection from IdentityForce for the next 12 months. However, you will need to log in to IdentityForce’s site and provide the unique code contained in the letter to activate the service.

In addition to taking advantage of this offer, you’re also going to want to keep a close eye on your bank statements for signs of fraud like large transactions you don’t remember making. Since the hackers responsible also managed to steal users’ SSNs, they could even take out a loan or sign up for a credit card in your name.

Data breaches like the one described above happen more often than you’d think. However, if you are proactive and take advantage of the offers and support provided by the company that suffered one, you’re less likely to have your identity stolen. Still though, there’s nothing worse than ending up in a situation like this when you did nothing wrong on your end.

More from Tom's Guide

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.