Dell has sent breach notification emails to approximately 49 million individuals whose data was reportedly stolen in a recent cyberattack. The compromised information includes names, postal addresses, and Dell hardware and order details, such as service tags, item descriptions, order dates, and warranty information. Dell stated in the notification letter that it is currently investigating the incident, which involves a database containing limited customer information related to purchases from the company. The company believes that the risk to customers is not significant, as financial and payment information, email addresses, and phone numbers were not compromised in the attack.
Dell has taken immediate action by notifying relevant authorities and engaging third-party cybersecurity experts to assess the extent of the breach. The nature of the attack, whether it was a data theft or a ransomware attempt, is still unknown. While Dell maintains that the risk to customers is low, there remains a possibility of phishing attempts or the deployment of malware and ransomware through personalized letters with removable drives. Such tactics have been employed in the past. Additionally, there is a risk that the stolen database may have already been sold on the dark web.
A cybercriminal using the alias Menelik advertised a Dell database on a dark web forum, claiming it contained customer and other information systems purchased from Dell between 2017 and 2024. The thread was swiftly deleted, suggesting that the database may have been purchased. Dell customers who bought hardware within the specified timeframe are advised to exercise caution when receiving communications purportedly from the company, particularly if they arrive via mail.
Source: BleepingComputer