HQ/EMEAFind out how we can help your business
Dell warns its consumers about a data breach after a threat actor claimed to have stolen information from about 49 million customers. This prominent computer company began distributing data breach warnings to consumers, indicating that an unwanted incident compromised the Dell portal containing customer transaction information.
According to the company, they are investigating an incident involving a Dell portal containing a database with limited customer information related to the company’s purchases. Moreover, Dell believes there is no significant risk to its customers since the allegedly compromised system only holds insignificant information.
The company claims that the threat actor obtained information, such as names and physical addresses. Moreover, Dell stated that the attackers may have acquired other data like hardware and order information, including service tags, item descriptions, order dates, and related warranty information.
Nonetheless, the company emphasises that the stolen information does not include financial or payment information, email addresses, or phone numbers and that they have already reached out and cooperated with a law enforcement agency and a third-party forensics agency to address the situation.
The stolen data from Dell is now on a hacking forum.
Recent investigations said a threat actor named Menelik attempted to sell a Dell database on the Breach Forums hacking site late last month. The threat actor claimed they acquired the data that contains around 49 million customers and other information systems purchased from Dell between 2017-2024.
On the other hand, the company does not believe there is a significant risk to their customers, given the type of information involved. Still, the stolen data could breed other illicit activities that would be problematic for its customers.
Some experts explained that despite no email addresses involved in the leak, the threat actors could still execute attacks, such as physically mailing altered Ledger hardware wallets that can steal cryptocurrency or giving presents containing malware-infected USB drives.
Currently, the database offered is no longer available for sale. Hence, a threat actor has likely purchased it and is now attempting to monetise it through illegal activities.
Customers should be cautious of any physical mailings or emails claiming to be from Dell, such as unexpected packages, since a malicious entity could have already started its campaign to gain profit from the leaked database.
