Popular PC manufacturer Dell has issued a warning to millions of customers after it discovered a data breach in its systems. The brand, which specialises in Windows laptops and desktop PCs, was contacted by hackers who claimed to have stolen the names and addresses of approximately 49 million customers.
#DataBreach #Beware #dell #fraud
— VISHNU M SARASWATHY (@vishnums007) May 9, 2024
My credit card details used for a recent Dell laptop purchase were stolen and used for fraud. I questioned the source of the theft until receiving a message from Dell. I'm skeptical about their claim regarding the breach of payment information!! pic.twitter.com/DMOrmks6fO
After an internal investigation confirmed that its databases had been accessed, Dell sent an email to customers worldwide to warn them about the breach. Several PC owners have posted screenshots on social media, showing the message issued by Dell confirming the incident.
"We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell," reads the message from the computing giant. "We believe there is not a significant risk to our customers given the type of information involved."
However, Dell confirms the following information was accessed during the incident:
Dell has not confirmed whether the incident was caused by an inadvertent error or whether its system had been breached by hackers. However, security blog BleepingComputer has reported that an individual was caught trying to sell personal information from 49 million Dell customers on a forum. This individual claimed to have siphoned the sensitive data in a hack.
Dell has confirmed the data breach “did not include financial or payment information, email address, telephone number or any highly sensitive customer data”, adding that it did not believe there was a “significant risk” to customers given the nature of the information involved – Dell said it was taking proactive steps to notify them.
“Dell Technologies has a cybersecurity program designed to limit risk to our environments, including those used by our customers and partners,” the US firm’s statement said.
“Our program includes prompt assessment and response to identified threats and risks. We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information including name, physical address, and certain Dell hardware and order information.
“It did not include financial or payment information, email address, telephone number or any highly sensitive customer data. Upon discovering this incident, we promptly implemented our incident response procedures, applied containment measures, began investigating, and notified law enforcement. Our investigation is supported by external forensic specialists.
“We continue to monitor the situation and take steps to protect our customers’ information. Although we don’t believe there is significant risk to our customers given the type of information involved, we are taking proactive steps to notify them as appropriate.”
Speaking about the risk this latest breach could pose to PC owners worldwide, Stephen Crow, who serves as security director at cybersecurity firm ANS, said recent Dell customers should be alert to any suspicious messages they receive claiming to be Dell or another firm.
“An immediate priority for impacted Dell customers will be to be wary of communications around recent orders, as these could be fraudulent,” he said. “Malicious actors may seek to gain more data through targeted attacks using the information stolen.
LATEST DEVELOPMENTS
Dell Technologies stand pictured at the Mobile World Congress tradeshow in Barcelona, Spain earlier this year — the largest mobile event on the planet
GETTY IMAGES
He added: “The data breach at Dell is a stark reminder that no organisation is completely immune from cyber threats, and that all forms of customer data requires stringent protection. Despite the absence of financial data, threat actors could potentially use the stolen information to launch phishing or malware attacks against consumers. They are likely to sell this data on the dark web as well, putting customers at even more risk.
“This incident serves as a call to action for companies to reassess their proactive cybersecurity strategies and incident response plans. Prevention is of course preferable, but should the worst happen, businesses need the ability to react quickly to contain the damage and minimise the impact on customers, no matter the type of data involved in a breach.”
Additional Reporting By Martyn Landi, PA Technology Correspondent
