Dell has contacted customers warning of a data breach containing purchase information related to 49 million individuals.
The technology giant said it was currently looking into a security incident involving a Dell portal, which contains a database storing “limited types of customer information” linked to recent purchases of Dell products.
Its investigation indicated the information compromised in the breach was limited to customer names, addresses, their Dell customer info, and product information related to their purchase.
Dell said it immediately implemented its incident response procedures once it was aware of the breach, taking a number of steps to contain the incident and notifying law enforcement.
Financial or payment information, email addresses, and telephones, were not included in leaked data, according to Dell, who claimed there was not a “significant risk” to customers as a result.
On 29 April 2024, open source intelligence resource Daily Dark Web reported a threat actor with the name ‘Menelik’ was selling access to a database containing 49 million customer records on a hacking forum hosted on the dark web.
The listing stated that the database for sale contained information related to systems purchased from Dell between 2017 - 2024, and the countries with the most systems included in the breach were the US, China, India, Australia, and Canada.
Around 7 million entries were related to individual or personal purchases, with 11 million pertaining to consumer segment companies. The rest of the information was linked to enterprise customers including partners and schools.
The type of information Menelik stated was included in the compromised database aligns with what Dell said was exposed in the data breach disclosed on 9 May.
Notably, however, a twitter account dedicated to providing intel on dark web activity, DarkWebInformer, claimed the listing created on the underground forum no longer exists, but suggested the post may still be legitimate.
ITPro contacted Dell for clarification on whether this data was the same, but at the time of writing the company has yet to respond.
Why Dell customers should be wary
Although Dell claimed it did not consider the incident exposed its customers to ‘significant risk’ as the leaked data did not include particularly sensitive information like email addresses, phone numbers, or financial data, it did advise customers to exercise caution.
Dell’s breach notification recommended customers impacted by the incident to take steps to protect themselves against social engineering attacks using information compromised in the breach, providing tips on how to detect tech support scams in particular.
The threat from social engineering attacks has grown in recent years, in April IT security specialist Zscaler reported it had blocked around 2 billion phishing attempts in 2023, marking a 60% increase year on year (YoY).
