Dell alerted customers via email about a data breach that included stolen customer names, physical addresses, and Dell order information. Some of the affected data belonged to Dell customers in the European Union. Despite the theft of physical addresses, Dell assured customers that there was no significant risk due to the type of information involved.
The same threat actor responsible for the initial breach claimed to have taken additional customer data from a different Dell portal. This data included customer names, phone numbers, and email addresses. The threat actor, known as "Menelik," exploited flaws in two different Dell portals to scrape customer data.
The threat actor behind the Dell data breach accessed internal systems by registering several accounts on a Dell portal as a partner reselling Dell products and services. The process of registration was relatively simple and did not require verification. After Dell approved the new partner accounts, the threat actor brute-forced customer service tags over three weeks, spamming requests to a database storing sensitive information. Dell was unaware of the unauthorized access until the hacker notified them.
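The pattern described above, many service-tag lookups from newly approved partner accounts, is something a portal operator can look for in request logs. The following is an added example, not code from Dell or from the original article; the log format, account names, thresholds, and the assumption that a wrong guess returns HTTP 404 are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    # Constructed log format (assumption): "<ISO time> <partner account> <service tag> <HTTP status>"
    ts, account, tag, status = line.split()
    return datetime.fromisoformat(ts), account, tag, int(status)

def find_enumerators(lines, window=timedelta(minutes=1), max_distinct=20,
                     min_lookups=10, max_miss_ratio=0.5):
    """Return {account: reason}. Thresholds are illustrative assumptions."""
    recent = defaultdict(deque)            # account -> (ts, tag) pairs inside the window
    totals = defaultdict(lambda: [0, 0])   # account -> [lookups, not-found responses]
    flagged = {}
    for ts, account, tag, status in sorted(map(parse, lines)):
        q = recent[account]
        q.append((ts, tag))
        while ts - q[0][0] > window:       # drop lookups older than the window
            q.popleft()
        totals[account][0] += 1
        totals[account][1] += status == 404
        if len({t for _, t in q}) > max_distinct:
            flagged.setdefault(account, "burst")
    # Slow guessing stays under any rate limit; a high miss ratio still gives it away.
    for account, (lookups, misses) in totals.items():
        if lookups >= min_lookups and misses / lookups > max_miss_ratio:
            flagged.setdefault(account, "miss_ratio")
    return flagged

def sample_log():
    """Constructed sample data: one ordinary reseller and two enumerating accounts."""
    t0, lines = datetime(2024, 1, 1, 9, 0, 0), []
    def add(offset, account, tag, status):
        lines.append(f"{(t0 + offset).isoformat()} {account} {tag} {status}")
    for i, tag in enumerate(["AAA1111", "BBB2222", "CCC3333"]):
        add(timedelta(minutes=20 * i), "partner-legit", tag, 200)
    for i in range(60):                    # one guess per second
        add(timedelta(seconds=i), "partner-fast", f"F{i:06d}", 200 if i % 10 == 0 else 404)
    for i in range(30):                    # one guess every five minutes
        add(timedelta(minutes=5 * i), "partner-slow", f"S{i:06d}", 200 if i % 5 == 0 else 404)
    return lines

if __name__ == "__main__":
    for account, reason in find_enumerators(sample_log()).items():
        print(account, reason)
```

The second check matters for activity spread over weeks: an account that stays below any per-minute limit is still flagged when most of its lookups are for tags that do not exist.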
The Dell data breach impacted approximately 49 million customers. The exposed information included names, postal addresses, and Dell hardware and order details. Dell reports that financial and payment information was not compromised in this attack.
WARNING: If you're a Dell customer who made hardware purchases between 2017 and 2024, remain cautious of any communication claiming to be from the company, especially if it arrives via email, SMS or automated call notification.