Dot Foods Suffers Email Breach Exposing Employee Social Security Numbers
On December 3, 2025, Dot Foods, Inc. and its logistics arm, Dot Transportation, detected unauthorized access to a limited number of employee email accounts. The companies swiftly secured the accounts and initiated an investigation with cybersecurity and forensic experts.
The breach, occurring between December 3 and 4, 2025, involved an unauthorized actor viewing email messages within the compromised accounts. While it remains unconfirmed whether attachments were accessed, investigators could not dismiss the possibility. On December 15, Dot Foods identified that an exposed attachment contained sensitive employee data, including names and Social Security numbers.
The incident affected 6,374 individuals across the U.S., with one confirmed case in Maine and six in Massachusetts. Written notifications to impacted employees began on January 7, 2026.
In response, Dot Foods and Dot Transportation reported the breach to the FBI, notified employees on December 17, 2025, and offered two years of complimentary credit monitoring and identity restoration services through Norton LifeLock. The companies also implemented enhanced security measures, policy reviews, and additional employee training to mitigate future risks. Affected individuals were advised to enroll in the monitoring service by March 28, 2026.
Source: https://www.claimdepot.com/data-breach/dot-foods-2026
Dot Foods cybersecurity rating report: https://www.rankiteo.com/company/dotfoods
Dot Foods cybersecurity rating report: https://www.rankiteo.com/company/dotfoods
"id": "DOTDOT1768252603",
"linkid": "dotfoods, dotfoods",
"type": "Breach",
"date": "12/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '6,374 employees',
'industry': 'Food Distribution & Logistics',
'location': 'United States',
'name': 'Dot Foods, Inc.',
'type': 'Company'},
{'customers_affected': '6,374 employees',
'industry': 'Trucking & Logistics',
'location': 'United States',
'name': 'Dot Transportation',
'type': 'Company'}],
'attack_vector': 'Email Compromise',
'customer_advisories': 'Written notice sent to affected individuals with '
'guidance on protective measures',
'data_breach': {'file_types_exposed': 'Email attachments',
'number_of_records_exposed': '6,374',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (Social Security numbers)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2025-12-03',
'date_publicly_disclosed': '2026-01-07',
'description': 'Dot Foods, Inc. and its affiliated trucking and logistics '
'company, Dot Transportation, discovered suspicious activity '
'involving a small number of employee email accounts. An '
'unauthorized actor viewed certain email messages and '
'potentially accessed attachments containing sensitive '
'employee information.',
'impact': {'data_compromised': 'Names and Social Security numbers',
'identity_theft_risk': 'High',
'systems_affected': 'Employee email accounts'},
'initial_access_broker': {'entry_point': 'Employee email accounts'},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': 'Enhanced technical '
'safeguards, reviewed '
'internal policies and '
'procedures, additional '
'employee training'},
'recommendations': ['Enroll in provided credit monitoring service by March '
'28, 2026',
'Review account statements and credit reports for unusual '
'activity',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus',
'Report suspected identity theft or fraud to financial '
'institutions, law enforcement, or the Federal Trade '
'Commission'],
'references': [{'source': 'State of Massachusetts disclosure'},
{'source': 'Maine Attorney General disclosure'}],
'regulatory_compliance': {'regulatory_notifications': ['State of '
'Massachusetts',
'Maine Attorney '
'General']},
'response': {'communication_strategy': 'Notified employees by email on Dec. '
'17, 2025; sent written notifications '
'to affected individuals starting Jan. '
'7, 2026',
'containment_measures': 'Secured affected email accounts',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Federal Bureau of Investigation',
'remediation_measures': 'Enhanced technical safeguards, reviewed '
'internal policies and procedures, '
'additional employee training',
'third_party_assistance': 'Cybersecurity and computer forensics '
'specialists'},
'title': 'Dot Foods Employee Email Account Breach',
'type': 'Data Breach'}