In a significant security incident, Dell has warned its customers of a massive data breach that may have affected as many as 49 million individuals (via Bleeping Computer).
The breach came to light when Dell initiated a series of email notifications to its customers, informing them about the security breach. The breach, according to Dell, occurred within one of its portals where customer information linked to purchases was stored.
According to the breach notification shared by Dell with BleepingComputer, the compromised information includes customers’ names, physical addresses, as well as detailed information about Dell hardware purchases.
This includes service tags, item descriptions, dates of orders, and related warranty information.
Fortunately, Dell emphasized that sensitive financial or payment details, email addresses, and telephone numbers were not part of the compromised data. The company also stated that it is actively collaborating with law enforcement agencies and a third-party forensics firm to investigate the incident thoroughly.
The breach came to public attention when reports surfaced on the Daily Dark Web about a threat actor named Menelik attempting to sell a database purportedly containing Dell customer information on the Breach Forums hacking forum on April 28th.
While Dell has not officially confirmed if this is the same data that was compromised in the breach they disclosed, the information provided by the threat actor aligns with the details mentioned in Dell’s breach notification.
Although the post on the Breach Forums has since been removed, suggesting a potential sale of the database, Dell maintains that there is no significant risk to its customers considering the nature of the compromised information.
Past incidents have demonstrated similar tactics, including the distribution of tampered hardware or USB drives loaded with malicious software.
