Dell is currently facing a significant breach of customer information as a result of a database containing 49 million records being offered for sale on the dark web. The breach includes names, addresses, hardware details, order information, and servicing history. It was first reported on April 29, and the majority of affected customers are believed to be from the US, Australia, Canada, China, and India. The post offering the database for sale has since been removed from the site, suggesting it may have been sold successfully.
Dell has sent a letter to affected customers, stating that they are investigating an incident involving a Dell portal. However, they believe that the risk to customers is minimal as the information does not include financial or payment details, email addresses, or phone numbers. Dell has taken immediate action upon identifying the incident, implementing incident response procedures, containing the incident, notifying law enforcement, and engaging a third-party forensics firm to investigate. They are advising customers to be vigilant against follow-on scams and fraud attempts, particularly tech support phone scams, and to report any suspicious activity to [email protected]
Although Dell has not provided any additional information, it has been criticized for the lack of security measures in place for such a large dataset. In April, Dell expanded its data protection portfolio in response to growing concerns about cyber attacks. The company introduced new, more secure appliances, an integrated AI assistant, and a Storage Direct service for faster and more secure backup and recovery. These developments come after a Dell customer survey revealed that many organizations felt their existing data protection measures were insufficient and lacked confidence in their ability to recover from a cyber attack.