On April 29, 2024, a user on the “Daily Dark Web” offered to sell alleged personal information of 49 million people who bought Dell gear from 2017 to 2024. Then on May 9, 2024, Dell started warning customers of a data breach after a threat actor claimed to have stolen information from approximately 49 million customers. Dell is declining to elaborate on the vague wording of the email sent out to customers, and the information being sold on the “Daily Dark Web”.
Dell stated that this breach “…is not a significant risk to our customers given the type on information involved”. As shown in the email, the information breached were names, physical addresses, and almost all dell information that is included in the purchase order. Dell stresses that “financial or payment
information, email addresses, telephone numbers, or any highly sensitive customer information” is not included in this breach. I personally believe this statement, but you have to remember that this is still an ongoing investigation, and this could change.
As I stated at the beginning, a user on the “Daily Dark Web” by the name Menelik was selling data that includes 49 million customers of Dell.
This post has been deleted for the site, which could indicate a sale of the database. A threat actor could monetize this information through various attacks even with the information that was taken. With names and address, an actor could send you various letters in the mail attempting to access more information as a form of phishing. Also, they could attack Dell again posing as a customer since they have all of the necessary data. I would have like to have seen that Dell is adding procedures for customer verification in the email sent out regarding this breach. They did say that our incident response procedures have been implemented so we can hope that this is included in those procedures.
If you have had any business with Dell from 2017-2024, or at any time really, and notice any suspicious activity on your accounts please contact the email address given in the notice as Dell would appreciate the tip and help mitigate any customer risk.
Leave a Reply