Dell has warned customers of a massive data breach following a hacker’s claims they accessed information belonging to roughly 49 million customers.
The U.S. computer manufacturer has started distributing data breach notifications to customers impacted by the incident, detailing how an attacker gained unauthorized entry to an online portal that housed customer purchase information on its website.
The email seen by ReadWrite stated, “We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell.”
According to Dell’s data breach notification, it seems that the attack resulted in the theft of personal information only, without compromising any financial data. The information stolen includes names, physical addresses, as well as hardware and order details from its systems.
The company stated that it “promptly implemented our incident response procedures, began investigating, took steps to contain the incident and notified law enforcement.” It added that a third-party forensics firm has been engaged to investigate the matter and that it would continue to monitor the situation closely.
“We believe there is not a significant risk to our customers given the type of information involved,” Dell wrote in the email.
Reported sale of Dell database
In April, Daily Dark Web reported a major security breach, with a threat actor claiming to sell a database allegedly holding 49 million customer records from Dell. The supposed data includes details about systems purchased from Dell between 2017 and 2024, forming a comprehensive repository of customer information.
The data claimed to be from current and sourced from Dell servers, includes critical personal and corporate information such as full names, addresses, cities, provinces, postal codes, countries, unique 7-digit service tags, system shipment dates, warranty plans, serial numbers for monitors, Dell customer numbers, and Dell order numbers.
The threat actor alleges to have exclusive access to this data, which contains a large trove of information. Of the records, approximately 7 million relate to individual/personal purchases, and 11 million are linked to consumer segment companies, with the rest involving enterprises, partners, schools, or unidentified entities.
In addition, the threat actor points out that the most affected countries are the United States, China, India, Australia, and Canada.
ReadWrite reached out to Dell for comment, who responded: “We are not disclosing this specific information from our ongoing investigation.”
Featured image: Canva / Ideogram