Dollar Tree Says Breach Hit Competitor InsteadThe threat of a cyberattack is ever-present for businesses. According to a major threat actor, retail giant Dollar Tree fell victim to their massive ransomware attack. However, information regarding the source of the stolen data has proven to be incorrect.

A Major Cybersecurity Incident Targets Retail Giant

INC Ransom, a major ransomware operation, included Dollar Tree on its data leak page, which the threat actor published on the dark web. According to the post, the hackers infiltrated Dollar Tree's system and stole 1.2 terabytes of sensitive information.

They threatened to release the information unless the retail giant paid a ransom. As evidence of their cyberattack, INC Ransom included passport scans, details regarding sexual harassment claims, and employee confidentiality agreements.

Who Is INC Ransom?

INC Ransom gained notoriety in the summer of 2023. Since then, the organization has claimed responsibility for 394 victims.

The gang has a reputation for its sophisticated spear phishing tactics and double-extortion methods to extort as much as possible from businesses. INC Ransom attacks often involve encrypting stolen data and threatening to release sensitive information online unless the targeted business pays a ransom.

Dollar Tree's Response to the Alleged Attack

The problem with the INC Ransom ransomware attack is that, according to recent news about the Dollar Tree data breach, the retailer didn't experience any data leak. The actual victim of the crime was 99 Cents Only, which is an entirely different business.

According to a spokesperson from Dollar Tree, the company is aware of the data breach claims. They note that only the 99 Cents Only stores were affected. The representative also claims that the information the threat actors released on the dark web so far only pertains to former 99 Cents Only employees.

Dollar Tree and 99 Cents Only: What's the Connection?

Why would an experienced hacking group claim a cyberattack on Dollar Tree if the retail giant says the attack affected another retailer? 99 Cents Only and Dollar Tree are not the same business, but they do have a connection.

In the spring of 2024, 99 Cents Only declared bankruptcy due to excessive theft, industry competition, and inflation. By mid-year, the business closed its 371 stores.

The connection between 99 Cents Only and Dollar Tree is the property that the former retailer previously leased. After the bankrupt businesses completed their liquidation, Dollar Tree obtained the rights to 170 of its former leases. They also got some of the in-store equipment and 99 Cents Only's North American IP, along with the leases.

According to news reports on the Dollar Tree data breach, the INC Ransom ransomware attack was unrelated to Dollar Tree. The data breach only impacted 99 Cents Only, despite the acquisition of the 170 leases.

Dollar Tree did not take any data from the bankrupt store, nor did the organization integrate any of its systems or network. The spokesperson for the retail giant says that all allegations regarding Dollar Tree's involvement with the hack are inaccurate. Unfortunately, it's impossible to get a statement from 99 Cents Only because its contact information is defunct.

Used with permission from Article Aggregator