A supply chain attack on IT provider Zeroed-In Technologies [4], LLC has resulted in a major data breach, compromising the personal information of approximately 2 million users. This breach occurred between August 7-8, 2023 [2] [4], and unauthorized access was gained to certain systems [1] [2]. The breach has raised concerns about the security of vendors and the need for proper security controls.
Description
The breach at Zeroed-In Technologies [2], LLC [3], which serves Dollar Tree and Family Dollar [2] [5], has exposed the personal information of around 2 million users. Cybercriminals were able to gain unauthorized access to certain systems during the breach, although the specific files accessed remain unknown. The stolen data includes personally identifiable information such as names, dates of birth [1] [2], and Social Security numbers [1] [2] [4]. Zeroed-In conducted a thorough review to assess the extent of the breach and is offering affected individuals free credit monitoring services for a year. Dollar Tree has confirmed that some of the stolen data belonged to its employees [4], with the state of Maine reporting 7,034 impacted employees [2]. It is worth noting that the Zeroed-In platform is utilized by over 70 businesses and has more than 30,000 registered users.
Conclusion
The data breach at Zeroed-In Technologies [2], LLC has significant implications for the affected individuals and the company itself. The compromised personal information puts users at risk of identity theft and other fraudulent activities. Zeroed-In’s response to the breach, including offering free credit monitoring services [2], is a step towards mitigating the potential harm caused. However, legal action may be taken against Zeroed-In [1], highlighting the importance of selecting vendors with robust security controls in place. This incident serves as a reminder for businesses to prioritize cybersecurity and ensure the protection of sensitive data. The Murphy Law Firm is currently investigating potential legal claims on behalf of those affected by the breach [3], indicating the potential long-term consequences for Zeroed-In Technologies, LLC [3].
References
[1] https://siliconangle.com/2023/11/30/dollar-tree-employee-data-compromised-third-party-provider-breach/
[2] https://www.infosecurity-magazine.com/news/thousands-dollar-tree-staff/
[3] https://markets.financialcontent.com/pentictonherald/article/prlog-2023-11-29-zeroed-in-technologies-llc-data-breach-murphy-law-firm-investigates-legal-claims
[4] https://www.techradar.com/pro/security/dollar-tree-data-breach-could-affect-millions-of-customers
[5] https://iapp.org/news/a/hackers-steal-okta-customer-support-user-data-dollar-tree-employees-experience-data-breach/
