Dell Discloses Data Breach: 49 Million Customers Potentially Affected

Dell began notifying customers on May 8 of a data breach after a threat actor had attempted to sell a stolen database on a well-known hacking forum.

The technology giant said that the security incident impacted one of its portals from which the cybercriminals stole “limited types of customer information related to purchases from Dell.”

According to a data breach notice shared with BleepingComputer, the compromised information includes:

• Customer names and physical addresses

• Dell hardware and order information such as item description, order date, warranty information and service tag

“The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customers information,” the notice reads.

Source: BleepingComputer

While the company provided no further details of the security event, the hacker’s data breach listing may shed some light on the potential impact on customers.

As reported by the Daily Dark Web, a data broker using the handle Manelik had listed a database containing the information of a whopping 49 million Dell customers on April 28.

The now-deleted post and description of the exfiltrated data seem to match Dell’s notification. Manelik’s listing specified that the stolen data repository included:

• 7 million rows of data on individual or personal purchases from Dell

• 11 million rows of data on consumer segment company purchases

• The remaining rows included info on enterprise, partners or school purchases

Most of the stolen information allegedly belonged to customers from the United States, China, Australia, India and Canada.

Source: Daily Dark Web

What are the potential risks?

Although the computer giant does not “believe there is significant risk to our customers given the type of information involved,” impacted Dell customers should remain vigilant.

Even though the exposed data did not include phone numbers or email addresses, names and physical addresses could enable cybercrooks to track victims on social media platforms to gather even more information to be used in targeted phishing attacks.

Additionally, malicious actors have been known to use less-conventional methods to trick victims into handing over sensitive data or even installing malware on their devices, such as sending infected media thumb drives via mail.

We recommend users closely inspect all unsolicited correspondence purporting to come from Dell that may include details from their previous purchases.