Dollar Tree is now facing a class action lawsuit following a recent security breach that affected nearly 2 million employees, according to local reporting.
The lawsuit was filed by former Dollar Tree worker Kenneth Stanley and states that Dollar Tree officials failed to notify workers immediately after hackers obtained access to worker information including names, dates of birth, and social security numbers.
Dollar Tree allegedly shared the private, unencrypted information of its employees and customers with a human-resources software vendor, Zeroed-In Technologies, LLC, which then stored that private information in an unencrypted, Internet-accessible environment on its public network.
According to Zeroed-In Technologies, the company’s systems were hacked between Aug. 7 and 8. However, Zeroed-In said it waited nearly four months, until at least November 27, to begin notifying impacted employees and customers, which may have violated state and federal laws, according to a statement from the law offices representing Dollar Tree workers in the lawsuit.
The lawsuit lists three charges: negligence, breach of implied contract, and unjust enrichment.
Stanley alleges some employees are just now receiving information on the breach, and that Dollar Tree distributed the notice via letters in the mail. The former worker found out about the leak via a letter from Dollar Tree which he received on Nov. 27. However, he claims the letter did not mention how the breach happened, how the situation was being addressed by the retailer, or what had happened to his personal information.
Stanley claims he is now receiving a high number of spam calls and texts and says Dollar Tree “willfully, recklessly, and negligently disregarded the rights of class members.”
“Zeroed-In is a vendor that we and other companies use. They informed us that they identified a security incident, and they provided notice of the incident to current and former employees,” said Dollar Tree in a statement to Norfolk, Va.-based news outlet 13News Now.
