The American discount retail giant Dollar Tree has been claimed by one of the most notorious ransomware cartels. The gang posted the company on its dark web blog, claiming to have obtained over a terabyte of data. Meanwhile, Dollar Tree says it's aware of attackers' claims, adding that any allegations of the company's involvement are inaccurate.
Dollar Tree’s name recently appeared on INC Ransom’s leak site, which the gang uses to showcase its latest victims. The attackers claim that the discount retail giant has become a “victim of a data breach,” and that “1.2TB sensitive and personal data will be published soon.”
Dollar Tree told Cybernews that the company is aware of the claims made by ransomware group. However, the company says that data breach claims only refer to 99 Cents Only stores, the company acquired in 2024.
"The files referenced in these claims appear to involve former 99 Cents Only employees. Dollar Tree’s involvement with 99 Cents Only Stores is related to the purchase of select real estate lease rights following their closure. We did not acquire their corporate entity, systems/network, or data. Any allegation of Dollar Tree’s involvement is inaccurate," Dollar Tree's spokesperson told Cybernews.
Dollar Tree is a retail behemoth with over 15,000 locations in the US and Canada and employs more than 65,000 people. Its 2024 revenue stood at over $17.5 billion.
"Dollar Tree’s involvement with 99 Cents Only Stores is related to the purchase of select real estate lease rights following their closure. We did not acquire their corporate entity, systems/network, or data. Any allegation of Dollar Tree’s involvement is inaccurate,"
Dollar Tree's spokesperson said.
Since the gang has only just posted Dollar Tree on its dark web blog, extensive data samples have not yet been attached to the post. Ransomware cartels first announce their victims and proceed by attempting to coax them into paying via threats of a data leak.
So far, INC Ransom has only uploaded a handful of screenshots that allegedly refer to Dollar Tree-related documents. However, most of the information included refers to another discount retail chain, 99 Cents Only, which Dollar Tree acquired in 2024. It’s likely that attackers managed to get their hands on 99 Cents Only's legacy systems or corporate databases related to the merger.
If confirmed, the ransomware attack wouldn’t be the first time Dollar Tree data has ended up in the wrong hands. In 2023, the company reportedly shared unencrypted information on its employees and customers with a third-party vendor that was later breached.
Who is the INC ransom gang?
INC Ransom is one of the most prominent ransomware cartels currently operating. First observed two years ago, the gang has been climbing towards the top, with victims like DoD defense contractor Stark AeroSpace, the San Francisco Ballet, the City of Leicester in England, and the Xerox Corporation on its list.
The gang is not too picky about its targets. For example, the gang even resorted to targeting places of burial, as it targeted the Catholic Cemeteries of the Diocese of Hamilton in Canada.
According to Cybernews’ dark web monitoring tool, Ransomlooker, INC Ransom has victimized over 200 organizations over the past 12 months, with July being the most active for the cyber cartel.
The gang is considered a multi-extortion operation – which means it not only encrypts and steals data but also threatens to publish it online if the victim doesn’t pay up. It appears to target a varied number of industry sectors at random, including attacks on the healthcare, education, and government sectors.
While it’s unclear where the gang members come from, the vast majority of their victims are based in Western countries. At the same time, the gang doesn’t target organizations from the Commonwealth of Independent States (CIS), a tactic shared by many Russia-based cybercriminals.
Some researchers believe that the Lynx ransomware cartel is an offshoot or a rebrand attempt of individuals related to the INC Ransom cartel.
Updated on July 30th [02:30 p.m. GMT] with a statement from Dollar Tree.
Your email address will not be published. Required fields are markedmarked