Contents:
Computer company Dell Technologies revealed on Friday that it is looking into a data breach event involving a company site that contained limited customer information tied to sales.
Dell informed consumers in a message that the results of its investigation indicate that unauthorized access was made to a database containing customer names, addresses, hardware, and order details, such as service tags, item descriptions, order dates, and warranty information.
The company emphasized that financial information, email addresses, phone numbers and other highly sensitive data were not part of the breached database.
Breach Notification Sent by Dell to Its Customers (Source)
Dell claimed that as soon as it learned about the event, it put security response plans into place, started an investigation, acted to stop the breach, and alerted law enforcement.
Additionally, the business has hired a third-party forensics group to look into the issue more thoroughly.
Data For Sale on the Dark Web
On April 28th a threat actor named Menelik attempted to sell a Dell database on the Breach Forums hacking forum. According to the threat actor, they took use of the computer manufacturer’s data for ‘49 million customers and other information systems purchased from Dell between 2017-2024.’
Database Sale Post (Source: Daily Dark Web)
Researchers stated that the leak appears to be real, as they were able to identify Dell product serial numbers, customer information, and some employee records in the data sample.
The threat actor claims that the database contains approximately 49 million records, including:
- Customer names, email addresses, and hashed passwords;
- Dell product details like serial numbers and purchase orders;
- Employee records with names, email addresses, and other internal data.
The post has since been deleted from the forum, which could indicate that another threat actor purchased the database.
Despite the fact that Dell does not “believe there is significant risk to our customers given the type of information involved,” it is possible that targeted attacks against Dell customers will target the stolen data.
Customers were warned by the company to report any unusual activity related to their Dell accounts or transactions to security@dell.com and to stay alert against potential tech support scams.
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.