Dell warns of information breach, 49 million clients allegedly affected

Dell is warning clients of an information breach after a menace actor claimed to have stolen info for about 49 million clients.

The pc maker started emailing information breach notifications to clients yesterday, stating {that a} Dell portal containing buyer info associated to purchases was breached.

“We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell,” reads a Dell information breach notification shared with BleepingComputer.

“We believe there is not a significant risk to our customers given the type of information involved.”

Dell data breach notification

Dell states that the next info was accessed by the menace actor throughout the breach:

  • Identify
  • Bodily deal with
  • Dell {hardware} and order info, together with service tag, merchandise description, date of order, and associated guarantee info

The corporate stresses that the stolen info doesn’t embody monetary or fee info, electronic mail addresses, or phone numbers and that they’re working with legislation enforcement and a third-party forensics agency to analyze the incident.

BleepingComputer contacted Dell on Wednesday to be taught extra in regards to the breach and the way many individuals it impacted however was instructed they “are not disclosing this specific information from our ongoing investigation.”

Knowledge was on the market on a hacking discussion board

As first reported by Every day Darkish Net, a menace actor named Menelik tried to promote a Dell database on the Breach Boards hacking discussion board on April twenty eighth.

The menace actor mentioned they stole information from the pc maker for “49 million customer and other information systems purchased from Dell between 2017-2024.”

Dell customer data being sold on Breach Forums
Dell buyer information being bought on Breach Boards
Supply: Every day Darkish Net
​​​​​​

Whereas BleepingComputer has not been capable of affirm if this is identical information that Dell disclosed, it matches the knowledge listed within the information breach notification.

The Breach Discussion board’s submit has since been deleted from the positioning, which might point out that one other menace actor bought the database.

Dell doesn’t “believe there is significant risk to our customers given the type of information involved,” but the stolen info might doubtlessly be used in focused assaults in opposition to Dell clients.

Because the stolen info doesn’t embody electronic mail addresses, menace actors might goal particular folks with bodily mailings with phishing hyperlinks or that comprise media (DVDs/thumb drives) to put in malware on targets’ units.

Whereas this will sound far-fetched, menace actors have performed comparable assaults previously, bodily mailing tampered Ledger {hardware} wallets that stole cryptocurrency or sending items with USB drives that put in malware.

Fake BestBuy gift card with USB drive that installs malware
Pretend BestBuy present card with USB drive that installs malware
Supply: TrustWave

Because the database is not being bought, there’s a good likelihood a menace actor is trying to monetize it not directly by way of assaults.

Subsequently, be cautious of any bodily mailings or emails you obtain that declare to be from Dell asking you to put in software program, change passwords, or carry out another doubtlessly dangerous motion.

In the event you obtain an electronic mail or bodily mailing, you need to as an alternative contact Dell immediately to verify it’s reputable.

Recent articles