What type of data does INC Ransomware claim to have stolen?

According to samples shared on the ransomware group's leak site, the allegedly compromised data includes passport copies and identification documents, completed payroll forms and employment records, job application letters and employment agreements, legal correspondence between the company and employees, internal complaints detailing sexual harassment and discrimination cases, and personal employee information and corporate documentation.

What happened to 99 Cents Only Stores?

99 Cents Only Stores was a separate discount retail chain that filed for bankruptcy in April 2024 and permanently closed all stores by June 2024. The company went out of business completely, which is when Dollar Tree acquired some of their real estate lease rights and equipment.

How much data did INC Ransomware claim to steal?

The INC Ransomware group claims to have stolen approximately 1.2 terabytes of data. This represents a substantial amount of information that could include thousands of employee records and sensitive corporate documents if the claims are accurate.

When did INC Ransomware publish their claims?

The ransomware claims were published on the INC Ransomware group's dark web leak site on July 30, 2025. The timing and method of publication follows typical ransomware group tactics of using leak sites to pressure victims and demonstrate their capabilities.

How many people were affected by this alleged data breach?

The number of affected individuals has not been disclosed by either the ransomware group or the companies involved. Given that the data allegedly includes employee records from a retail chain, the number could potentially be substantial, especially if it includes both current and former employees of 99 Cents Only Stores.

What sensitive employee information was allegedly exposed?

The allegedly exposed employee information includes highly sensitive data such as passport copies and identification documents, payroll forms, employment agreements, and particularly concerning, internal complaints detailing sexual harassment and discrimination cases. This type of information could be extremely damaging to affected individuals if misused.

Is Dollar Tree's denial of the breach credible?

Dollar Tree's explanation that the data originates from 99 Cents Only Stores rather than their own systems appears plausible given their limited business relationship with the bankrupt retailer. However, the situation highlights how complex data ownership and responsibility can become when companies acquire assets from bankrupt entities.

What should former 99 Cents Only employees do about this breach?

Former 99 Cents Only Stores employees should assume their personal and employment information may have been compromised and monitor for identity theft, be cautious of targeted phishing attempts, and consider that sensitive information such as harassment complaints may be at risk of exposure. They should also monitor their credit reports and be alert for any misuse of their personal information.

What does this incident reveal about data security after business closures?

This incident highlights the ongoing data security risks that persist even after companies go out of business and close their operations. It demonstrates how employee data from defunct companies may remain vulnerable and how complex data ownership becomes when assets are acquired from bankrupt entities, raising questions about ongoing data protection responsibilities.

Incident

INC Ransomware gang claims breach of Dollar Tree, company disputes involvement

Q: How has Dollar Tree responded to the ransomware claims?

Dollar Tree has disputed the ransomware group's claims, stating that their own systems were not compromised. The company clarified that the alleged stolen data appears to originate from 99 Cents Only Stores, a separate discount retail chain that filed for bankruptcy in April 2024 and permanently closed all stores by June 2024.

Q: What is the connection between Dollar Tree and 99 Cents Only Stores?

Dollar Tree's involvement with 99 Cents Only was limited to acquiring select real estate lease rights for 170 locations following the company's closure, along with certain intellectual property and equipment. This was a business transaction related to store locations rather than a full acquisition of the company or its data systems.

published: July 30, 2025

Learn More

The INC Ransomware group is claiming a breach of Dollar Tree, one of America's largest discount retail chains. The claims were published on the gang's dark web leak site on July 30, 2025, alleging theft of approximately 1.2 terabytes of data.

According to samples shared on the ransomware group's leak site, the allegedly compromised data includes:

Passport copies and identification documents
Completed payroll forms and employment records
Job application letters and employment agreements
Legal correspondence between the company and employees
Internal complaints detailing sexual harassment and discrimination cases
Personal employee information and corporate documentation

The number of affected individuals has not been disclosed.

Dollar Tree has disputed the ransomware group's claims, claiming that their own systems were not compromised. Dollar Tree clarified that the alleged stolen data appears to originate from 99 Cents Only Stores, a separate discount retail chain that filed for bankruptcy in April 2024 and permanently closed all stores by June 2024.

Dollar Tree's involvement with 99 Cents Only was apparently limited to acquiring select real estate lease rights for 170 locations following the company's closure, along with certain intellectual property and equipment.

INC Ransomware gang claims breach of Dollar Tree, company disputes involvement

Read More
Victoria Eye/Surgery/Vision Center reports data breach
BianLian ransomware group claims hacking of Republic Shipping …
St Helens Council reports ransomware attack
Snatch ransomware gang glaims attack on Tyson Foods
Lee Enterprises hit by ransomware, causes operational disruptions