Cyber threats remain a serious concern for retailers, especially with threat groups continuing to spread misinformation. Recently, ransomware operators claimed they had targeted Dollar Tree in a large security breach. But according to the company, those reports are based on a misunderstanding.

Claims Surface on the Dark Web

The hacking group known as INC Ransom included Dollar Tree on its data leak site and stated it was behind a cyberattack that compromised over a terabyte of sensitive information from the retailer. In a post shared on the dark web, the group noted that the data included scanned documents such as passports, internal files covering harassment claims, and employee confidentiality agreements.

The hackers demanded payment and threatened to release the files if their demands were not met.

Understanding the Group Behind the Claim

INC Ransom began gaining attention in mid-2023, quickly building a reputation among cybercriminal organizations. Their method often involves a two-pronged approach: locking up data with encryption while also threatening to release it publicly.

Their tactics focus heavily on spear phishing, and they have claimed hundreds of victims since their emergence. The goal in each case is the same: apply pressure by holding sensitive data hostage while threatening exposure.

Dollar Tree Denies Being the Target

In response to these claims, a Dollar Tree spokesperson shared that the company had not suffered a breach. Instead, they confirmed the impacted organization was 99 Cents Only, an unrelated discount retail chain that shut down operations earlier this year.

The files identified in the leak appear to belong to former employees of 99 Cents Only. No direct connection to stored Dollar Tree data was confirmed, and the company emphasized that none of its systems were compromised.

Tracing the Confusion Between the Two Retailers

Though Dollar Tree and 99 Cents Only are two separate businesses, there is some overlap in recent history. Earlier this year, 99 Cents Only filed for bankruptcy after struggling with inventory losses, competition, and the effects of inflation. The chain eventually closed all 371 of its stores.

Following the closures, Dollar Tree acquired the rights to 170 of those store leases, along with some equipment and intellectual property. However, they did not obtain access to the digital systems or employee data from 99 Cents Only.

This acquisition may have led to confusion among those outside the companies, including INC Ransom. But according to Dollar Tree, none of the assets they obtained included access to networks or records tied to the now-closed retailer.

No Integration, No Data Shared

Dollar Tree has made it clear that its systems remain separate from anything tied to 99 Cents Only. The company did not migrate legacy data, adopt prior systems, or store sensitive information linked to the closed chain.

So far, no signs indicate that Dollar Tree suffered any data loss, and reports released by multiple sources suggest the breach remains isolated to 99 Cents Only. Attempts to confirm details with the bankrupt retailer have been unsuccessful, as its contact channels are no longer active.

Moving Forward Without the Rumors

In light of this statement, it appears that INC Ransom misidentified its victim. Dollar Tree is taking steps to assure customers, employees, and partners that their systems were not impacted. The situation serves as a reminder that public claims, especially from threat actors, should be carefully verified.

With the original retailer out of business, Dollar Tree continues to move forward with the new leases while distancing itself from the fallout of this cyber incident.