Retail Sector in Crosshairs as INC Ransomware Claims New Victim

Hackers claim to have stolen terabytes of sensitive data from Dollar Tree; confusion arises as company links incident to 99 Cents Only Stores’ systems it acquired in bankruptcy deal

New York — August 1, 2025
In what may be one of the largest ransomware claims involving a major U.S. retailer this year, the INC Ransomware group has taken credit for a 1.2-terabyte data breach allegedly involving Dollar Tree, the American discount retail giant and Fortune 500 company with reported revenues of $17.58 billion for fiscal year 2025.

The group published the claim on its dark web leak site on July 30, stating that it had infiltrated Dollar Tree’s systems and exfiltrated massive volumes of sensitive and personal data — including files tied to operations, human resources, and potentially customer and vendor records.

Conflicting Claims: Dollar Tree Points to 99 Cents Only Stores

In a response to Recorded Future News, a Dollar Tree spokesperson said the company is aware of the ransomware gang’s claim but does not believe its core systems were compromised. Instead, the company suggested the breach may be linked to 99 Cents Only Stores, a California-based discount chain that filed for bankruptcy in April 2025.

Dollar Tree acquired rights to 170 of the bankrupt chain’s store leases in a fast-moving transaction shortly before 99 Cents Only Stores shuttered operations. Cybersecurity analysts say that if legacy IT systems were not adequately secured or segmented during the transition, attackers could have exploited these gaps.

“This may be a classic case of inherited risk,”
— Elena Maxwell, Cyber Risk Analyst, ThreatMetrics Group

“When acquiring distressed assets, cybersecurity often takes a back seat to financial and operational due diligence — and attackers know that.”

INC Ransomware: A Growing Threat

The INC Ransomware gang has become increasingly aggressive in 2025, launching high-profile attacks on manufacturing, retail, and healthcare targets across the United States and Europe. Their operations are characterized by double extortion tactics — stealing data and threatening to leak it if ransoms are not paid.

If their claim against Dollar Tree is substantiated, the 1.2TB figure would mark one of the largest retail-sector breaches of the year. At present, no sample files have been posted publicly, but the group has threatened to release data in stages unless their demands are met.

Security Implications for the Retail Industry

Cybersecurity experts warn that this incident highlights a broader pattern of attackers targeting retailers not only for consumer data but also for supply chain intelligence and point-of-sale vulnerabilities.

“The sector is inherently exposed,” says Dr. Rafiq Hosseini, Director of Retail Security Research at the University of Texas. “Discount retailers operate on razor-thin margins and often rely on legacy systems. They’re a perfect storm for ransomware groups.”

Human Impact: Employees, Vendors, and Customers in Limbo

While Dollar Tree has not confirmed a full breach of its infrastructure, the fear of compromised personal information looms over thousands of employees, suppliers, and former 99 Cents Only workers whose data may have been stored on inherited servers or unsecured endpoints.

The company said it is conducting a forensic investigation and has engaged third-party experts to evaluate any potential exposure. Regulatory agencies including the FTC, CISA, and state attorneys general have been notified, pending confirmation of data exfiltration.

Breach Highlights Acquisition Cyber Due Diligence Risks

This case underscores a rising trend: cybercriminals exploiting acquisition blind spots. As more companies snap up bankrupt competitors, inadequate digital hygiene during handovers becomes fertile ground for cyber intrusion.

“This won’t be the last time we see a breach tied to a rushed acquisition,”
— Heather Lemoine, M&A Security Advisor, RedShield Consulting

“Organizations must treat IT assets like ticking time bombs unless proven otherwise.”

Conclusion

Whether directly targeted or collateral damage from a broader acquisition fallout, Dollar Tree now finds itself entangled in a cybersecurity controversy that could cost not just in regulatory fines, but in brand trust and operational confidence.

As ransomware actors grow bolder and acquisitions continue, this incident may serve as a cautionary tale for corporate leaders, reminding them that digital liabilities often hide behind closed storefronts.