Dot Foods Data Breach Exposes Sensitive Employee Information
In December 2025, Dot Foods, Inc., North America’s largest food redistributor, detected unauthorized access to a small number of employee email accounts. The breach, which occurred between December 3 and 4, 2025, involved an attacker viewing sensitive attachments containing personally identifiable information (PII).
After securing the affected accounts, Dot Foods launched an investigation with cybersecurity experts, confirming on December 15, 2025, that exposed data included names and Social Security numbers. The company notified impacted employees on December 17, 2025, with written notices sent beginning January 7, 2026. Approximately 6,374 individuals across the U.S., including residents of Maine and Massachusetts, were affected.
Dot Foods offered 24 months of complimentary credit monitoring and identity restoration services through Norton LifeLock to those impacted. Legal firms, including Shamis & Gentile P.A., are investigating potential class action lawsuits, assessing whether the company implemented adequate data protection measures.
The incident underscores the risks of email-based breaches in supply chain and distribution sectors, where even limited access can expose critical employee data.
Source: https://www.claimdepot.com/investigations/dot-foods-data-breach-2026
Dot Foods, Inc. TPRM report: https://www.rankiteo.com/company/dot-foods
Dot Transportation, Inc. TPRM report: https://www.rankiteo.com/company/dotfoods
"id": "dotdot1768252414",
"linkid": "dot-foods, dotfoods",
"type": "Breach",
"date": "12/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '6,374 individuals',
'industry': 'Food Redistribution',
'location': 'Mt. Sterling, Illinois, United States',
'name': 'Dot Foods, Inc. & Dot Transportation, Inc.',
'size': 'Large',
'type': 'Corporation'}],
'attack_vector': 'Email Compromise',
'customer_advisories': 'Notified affected individuals via written notices '
'beginning Jan. 7, 2026',
'data_breach': {'file_types_exposed': 'Email attachment',
'number_of_records_exposed': '6,374',
'personally_identifiable_information': ['Name',
'Social Security '
'number'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2025-12-03',
'date_publicly_disclosed': '2025-12-17',
'description': 'Dot Foods, Inc. discovered suspicious activity involving a '
'small number of email accounts in December 2025. The '
'investigation revealed that an unauthorized actor accessed '
'certain email messages between Dec. 3 and Dec. 4, 2025, and '
'an attachment containing sensitive employee information was '
'exposed. The breach affected approximately 6,374 individuals '
'in the United States.',
'impact': {'data_compromised': 'Sensitive personally identifiable information',
'identity_theft_risk': 'High',
'systems_affected': 'Email accounts'},
'initial_access_broker': {'entry_point': 'Email accounts'},
'investigation_status': 'Completed',
'recommendations': ['Enroll in complimentary credit monitoring and identity '
'restoration services',
'Monitor financial accounts and credit reports for '
'suspicious activity',
'Place a fraud alert or credit freeze on credit files',
'Report suspected identity theft or fraud to banks, '
'credit card companies, and law enforcement',
'Obtain free credit reports annually from major credit '
'bureaus',
'Follow guidance provided in the notice letter'],
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit'},
'response': {'communication_strategy': 'Notified employees on Dec. 17, 2025; '
'written notices began on Jan. 7, 2026',
'containment_measures': 'Secured the affected email accounts',
'third_party_assistance': 'Cybersecurity and computer forensics '
'specialists'},
'title': 'Dot Foods, Inc. & Dot Transportation, Inc. Data Breach',
'type': 'Data Breach'}