Dell is warning prospects of a data breach after a menace actor claimed to have stolen data for about 49 million prospects.
The pc maker started emailing data breach notifications to prospects yesterday, stating {that a} Dell portal containing buyer data associated to purchases was breached.
“We’re presently investigating an incident involving a Dell portal, which comprises a database with restricted sorts of buyer data associated to purchases from Dell,” reads a Dell data breach notification shared with BleepingComputer.
“We consider there may be not a big danger to our prospects given the kind of data concerned.”
Dell states that the next data was accessed by the menace actor in the course of the breach:
- Title
- Bodily tackle
- Dell {hardware} and order data, together with service tag, merchandise description, date of order, and associated guarantee data
The corporate stresses that the stolen data doesn’t embody monetary or cost data, electronic mail addresses, or phone numbers and that they’re working with legislation enforcement and a third-party forensics agency to research the incident.
BleepingComputer contacted Dell on Wednesday to be taught extra concerning the breach and the way many individuals it impacted however was informed they “usually are not disclosing this particular data from our ongoing investigation.”
Data was on the market on a hacking discussion board
As first reported by Each day Darkish Net, a menace actor named Menelik tried to promote a Dell database on the Breach Boards hacking discussion board on April twenty eighth.
The menace actor mentioned they stole knowledge from the pc maker for “49 million buyer and different data techniques bought from Dell between 2017-2024.”
Whereas BleepingComputer has not been in a position to affirm if this is similar knowledge that Dell disclosed, it matches the knowledge listed within the data breach notification.
The Breach Discussion board’s submit has since been deleted from the location, which may point out that one other menace actor bought the database.
Dell doesn’t “consider there may be important danger to our prospects given the kind of data concerned,” but the stolen data may probably be used in focused assaults in opposition to Dell prospects.
Because the stolen data doesn’t embody electronic mail addresses, menace actors may goal particular folks with bodily mailings with phishing hyperlinks or that include media (DVDs/thumb drives) to put in malware on targets’ gadgets.
Whereas this may increasingly sound far-fetched, menace actors have carried out related assaults up to now, bodily mailing tampered Ledger {hardware} wallets that stole cryptocurrency or sending items with USB drives that put in malware.
Because the database is now not being bought, there’s a good probability a menace actor is making an attempt to monetize it indirectly by assaults.
Subsequently, be cautious of any bodily mailings or emails you obtain that declare to be from Dell asking you to put in software program, change passwords, or carry out another probably dangerous motion.
Should you obtain an electronic mail or bodily mailing, you need to as an alternative contact Dell instantly to verify it’s legit.