Workforce analytics services provider ZeroedIn is notifying roughly two million individuals that their personal information was compromised in an August 2023 data breach.
In a filing with the Maine Attorney General’s Office, the company revealed that the incident was identified on August 8, and that a threat actor had unauthorized access to certain systems between August 7 and 8.
The company immediately launched an investigation into the incident, which determined that some of the files accessed or stolen by the attackers contained personal information.
After conducting a review of the files on the compromised systems, ZeroedIn discovered that the accessed data pertained to certain customers, including US variety store chains Dollar Tree and Family Dollar.
ZeroedIn says it notified Dollar Tree of the incident after determining that some of the compromised information pertained to “certain individuals associated with them”.
The attackers, the company says, accessed or stole files containing names, dates of birth, and Social Security numbers.
In the sample notification letter submitted to the Maine Attorney General’s Office, ZeroedIn notes that the compromised information is related to “applicants and current and former employees of its clients”.
The company told the Maine Attorney General’s Office that close to two million individuals were impacted by the incident, with the filing suggesting that only individuals related to Dollar Tree and Family Dollar might have been impacted.
Per Dollar Tree’s latest 10-Q filing with the US Securities and Exchange Commission, more than 16,600 retail discount stores and 17 distribution centers in the US and Canada operate under the Dollar Tree and Family Dollar brands.
ZeroedIn may face a class action suit over the incident, as data breach lawyers at Console & Associates, P.C. announced they are investigating the matter on behalf of the impacted individuals.
Related: University of Michigan Says Personal Information Stolen in August Data Breach
Related: TransUnion Denies Breach After Hacker Publishes Allegedly Stolen Data
Related: Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus