Dot Foods Data Breach Affects 6,374 People, Exposing Social Security Numbers

On Dec. 3, 2025, Dot Foods, Inc. and its affiliated trucking and logistics company, Dot Transportation, discovered suspicious activity involving a small number of employee email accounts. The companies acted quickly to secure the affected accounts and launched an extensive investigation with the help of cybersecurity and computer forensics specialists.

According to a disclosure to the state of Massachusetts, The investigation determined that between Dec. 3 and Dec. 4, 2025, an unauthorized actor viewed certain email messages within these accounts. While it could not be confirmed whether attachments to the viewed emails were also accessed, this "possibility could not be ruled out".

On Dec. 15, 2025, Dot Foods identified that an attachment to one of the accessed emails contained sensitive information relating to its employees. The information potentially exposed includes names and Social Security numbers.

According to the Maine Attorney General disclosure, 6,374 people in the United States are affected by this incident. Of these, one person in Maine and six in Massachusetts were confirmed as impacted. Written notification to affected individuals began on Jan. 7, 2026.

Dot Foods & Dot Transportation's response

Dot Foods and Dot Transportation responded promptly by securing the affected email accounts and engaging cybersecurity experts to investigate the incident. The companies notified all employees by email on Dec. 17, 2025, and reported the breach to the Federal Bureau of Investigation.

To support those affected, Dot Foods is offering two years of complimentary credit monitoring and identity restoration services through Norton LifeLock. Impacted individuals have been provided with detailed instructions for enrolling in these services, which include identity alerts, dark web monitoring, stolen funds reimbursement, and credit monitoring. The companies have also enhanced technical safeguards, reviewed internal policies and procedures, and are providing additional employee training to reduce the likelihood of a similar event in the future.

Affected individuals are encouraged to:

• Enroll in the provided credit monitoring service by March 28, 2026
• Remain vigilant by reviewing account statements and credit reports for unusual activity
• Consider placing a fraud alert or credit freeze with the major credit bureaus
• Report any suspected identity theft or fraud to their financial institutions, law enforcement, or the Federal Trade Commission

Further guidance and resources are detailed in the written notice sent to affected individuals.