The Dollar Tree data breach has sparked confusion after a ransomware group claimed to have stolen over 1.2 terabytes of data. Dollar Tree acknowledges the claims but denies any involvement in the breach, stating the data likely came from a company it recently acquired.

The INC Ransom group, a known ransomware cartel, added Dollar Tree to its dark web leak site, claiming to have stolen sensitive and personal files. So far, the attackers have only published a few screenshots, and it remains unclear how much of the data—if any—belongs to Dollar Tree itself.

Dollar Tree Says Claims Are Misplaced

In a statement to Cybernews, Dollar Tree confirmed it’s aware of the ransomware gang’s claims. However, it stressed that the breach appears to involve 99 Cents Only Stores, a company it partially acquired in 2024.

“The files referenced in these claims appear to involve former 99 Cents Only employees,” a Dollar Tree spokesperson said.
“Dollar Tree’s involvement with 99 Cents Only Stores is related to the purchase of select real estate lease rights following their closure. We did not acquire their corporate entity, systems/network, or data.”

With over 15,000 stores across the US and Canada, Dollar Tree employs more than 65,000 people and posted over $17.5 billion in revenue in 2024.

Although INC Ransom has listed Dollar Tree as a victim, current evidence suggests that the gang may have accessed legacy systems or leftover databases belonging to 99 Cents Only and mistakenly linked the breach to Dollar Tree.

Who Is INC Ransom?

INC Ransom is a highly active multi-extortion ransomware cartel. The group has hit over 200 organizations in the past year alone, according to dark web tracking tool Ransomlooker.

Victims of INC Ransom include:

  • Stark AeroSpace (US defense contractor)
  • The San Francisco Ballet
  • City of Leicester (UK)
  • Xerox Corporation
  • Catholic Cemeteries of the Diocese of Hamilton (Canada)

The group carries out double-extortion attacks: it steals a victim’s files, encrypts them, and then threatens to publish the stolen data online if the victim doesn’t pay the ransom. Researchers believe INC Ransom may have ties to other known gangs like Lynx, and note that it avoids targeting entities in the Commonwealth of Independent States (CIS), a red flag for likely Russia-based activity.

Not Dollar Tree’s First Security Incident

If confirmed, this wouldn’t be Dollar Tree’s first brush with data security trouble. In 2023, the company reportedly shared unencrypted employee and customer data with a third-party vendor. That vendor was later breached, exposing sensitive information.

Now, with the Dollar Tree data breach back in the spotlight, the company is eager to distance itself from claims tied to 99 Cents Only.


Conclusion

The Dollar Tree data breach remains under scrutiny as INC Ransom continues to post threats online. While Dollar Tree denies any direct involvement, the incident highlights the risks companies face when acquiring assets without inheriting proper cybersecurity controls. As ransomware cartels grow bolder, businesses must stay vigilant—even when the breach may belong to someone else.

