Inc Ransomware Claims 1.2TB Data Breach at Dollar Tree

The notorious INC Ransomware group is claiming responsibility for a data breach at Dollar Tree, the American retail chain known for selling most items at $1.25 or less. Despite its discount model, Dollar Tree is a Fortune 500 company, reporting $17.58 billion in revenue for fiscal year 2025.

As seen by Hackread.com, Dollar Tree appeared on the INC Ransomware’s dark web leak site earlier today. The group claims to have breached the company’s security and stolen 1.2TB of sensitive and personal data.

“They became a victim of the data breach. 1.2TB of sensitive and personal data will be published soon on our blog,“ the group claims.

A quick review of the sample data shared on the leak site reveals a range of sensitive documents. These include passport copies, filled payroll forms, job letters, agreements, legal correspondence between the company and employees, and complaints detailing sexual harassment and discrimination cases.

INC Ransomware: A Notorious Cybercrime Group

INC Ransom, also known as GOLD IONIC, has been active since at least July 2023. The group is known for its sophisticated tactics and for using multiple malware families to carry out its attacks.

The group targets a broad range of industries, including healthcare, education, and industrial sectors, with a primary focus on the United States and Europe. It has been linked to several high-profile attacks, including a major ransomware incident involving Ahold Delhaize, the parent company of Albert Heijn, where 6 terabytes of data were stolen. While INC Ransom is suspected to have ties to Russia, its exact origins remain unclear.

INC Ransom also made headlines in December 2024 for targeting the UK’s National Health Service (NHS). The group stole patient data and caused service disruptions at multiple institutions, including Alder Hey Children’s, Liverpool Heart and Chest NHS Foundation Trusts, and Wirral University Teaching Hospital.

In March 2024, INC Ransomware also targeted NHS Scotland, stealing 3TB of data and threatening to leak it online if their ransom demands weren’t met. Reports indicate that the group has demanded ransoms exceeding $5 million in some cases.

INC Ransom is especially known for its double-extortion tactics, where they not only encrypt a victim’s data but also exfiltrate it, threatening to publish it online if the ransom isn’t paid. The group has also rebranded itself as Lynx, continuing its operations with the same double-extortion tactics and targeting crucial sectors in the US and UK.

Hackread.com has contacted Dollar Tree for a statement. This article will be updated if a response is received.

Another Day, Another Ransomware

Ransomware attacks continue to surge. Just last week, NASCAR confirmed a data breach after Medusa ransomware claimed responsibility and demanded a $4 million ransom. On July 28, 2025, the GLOBAL GROUP ransomware gang claimed to have breached Miami-based media giant Albavisión, stealing 400GB of data.

Nevertheless, ransomware attacks like the one claimed against Dollar Tree show just how aggressive cybersecurity threats have become. With major companies and public institutions constantly under attack, the need for proper security measures has never been more urgent.