Dell is facing a serious security breach as a user named “menelik” offered a database containing 49 million customer records for sale on the dark web’s Breach Forums site. The breach, which includes customer names, postal addresses, hardware information, order details, and servicing history, was first reported on April 29. The majority of affected customers are believed to be from the US, Australia, Canada, China, and India, although it is unclear how many customers in the UK may be impacted. The post offering the database for sale has since been removed from Breach Forums, suggesting it may have been sold successfully.
In a letter sent to affected customers, Dell stated that it is investigating an incident involving a Dell portal but believes that the risk to customers is minimal since the compromised information does not include financial or payment details, email addresses, or phone numbers. Dell has engaged a third-party forensics firm to investigate the incident and is closely monitoring the situation. The company is also providing resources to help customers protect themselves from scams and fraud attempts and encouraging them to report any suspicious activity related to their Dell accounts or purchases.
Security analysts have criticized Dell for the oversight of having such a large dataset stored in a vulnerable portal, stating that it is a significant lapse in front-door security. In response to growing concerns about cyber attacks, Dell recently expanded its data protection portfolio with new appliances, software, and as-a-service offerings to enhance enterprise customers’ resiliency. These advancements aim to address the findings of a customer survey that revealed many organizations feel their existing data protection measures are insufficient and lack confidence in their ability to recover from a cyber attack.
The new offerings include more secure PowerProtect appliances, an artificial intelligence assistant in Apex Backup Services to guide users, and a Storage Direct Protection service in PowerProtect Data Manager for faster and more secure backup and recovery.