Dell Downplays Data Breach, But 49 Million Customers' Physical Info Leaked

Stolen data might be used for malicious purposes.

Dell announced Thursday that it suffered a data breach affecting customers' names and addresses. According to a report from TechCrunch, Dell also warned consumers about an issue with a Dell portal that contains a database of restricted purchase information.

The data breach included customer names, addresses, Dell hardware, and order details like service tags, item descriptions, purchase dates, and warranty information. Dell did not say if the incident was due to foreign hostile activity or internal negligence.

Dell told users that the hacked data did not include email addresses, phone numbers, financial information, or other sensitive information, limiting customer risk.

Dell Downplays Data Breach

The tech firm acknowledged the compromise but said, "We believe there is not a significant risk to our customers given the type of information involved."

TechCrunch reported that Dell provided a standard version of the email issued to affected customers when asked about the data breach. An unnamed Dell spokesman declined to comment due to an ongoing inquiry.

The Daily Dark Web revealed an advertisement on a hacker forum earlier in April providing Dell system customer data from 2017 to 2024.

According to Dell's statement, the collection had 49 million individual records. Despite questions about the forum post, Dell's spokesman did not confirm or dispute the hacker's assertions.

On April 28, Daily Dark Web reported that Menelik tried to sell a Dell database on Breach Forums. The threat actor claimed the database contains "49 million customer and other information systems purchased from Dell between 2017 and 2024."

According to BleepingComputer, the data matches Dell's data breach notice.

However, it has not been verified, and the withdrawal of this post from Breach Forums suggests that another threat actor may have obtained the database.

Read also:  

Dell Computers Post Quarterly Earnings That Beat Expectations
A Dell laptop is seen on display at a Best Buy store on June 02, 2023 in Austin, Texas. Brandon Bell/Getty Images

Users Urged to Stay Vigilant Over Cyberthreats

Despite Dell's assertion that the type of information involved poses "no significant risk" to its customers, targeted attacks on Dell customers might use the stolen data.

The leaked information does not include email addresses. Still, threat actors might use it for phishing attempts via physical mailings with malicious URLs or media (e.g., DVDs or thumb drives) to install malware on recipients' machines.

Distribution of altered hardware wallets or presents containing malware-laden USB sticks may seem unlikely, yet threat actors have used similar approaches.

Once the database is no longer for sale, threat actors may use it for malicious purposes.

In light of this Dell cyberattack, users should be wary of Dell-related letters and emails, especially those asking them to download software, change passwords, or engage in dangerous activities.

According to The Register, Dell's last such issue occurred in 2018, when unknown hackers broke into its network and reset customer passwords.

The FCC added telecommunications and voice-over-IP services to its data loss reporting requirements this year.

In support of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the US government's CISA regulation may force more firms to disclose data intrusions to the government within 72 hours.

byline quincy

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics