Dell 'security incident' might affect millions

Dell notified customers that a company portal connected to customer data exposed orders, names and addresses, while reports indicate the data is now up for sale on the dark web.

Dell Technologies informed customers this week that a portal with access to a database of customer information was involved in a security incident.

The hardware and software vendor notified potentially affected customers by email, stating that the database contained names, physical addresses, Dell hardware and order information, service tags, order dates and related product information.

"We believe there is not a significant risk to our customers, given the type of information involved," the letter stated. It went on to suggest that customers contact Dell only if they notice suspicious activity in their accounts.

Dell is also working with a third-party forensics firm to investigate and has contacted law enforcement.

The exposed information may not immediately affect customers but represents a significant security oversight by one of the tech industry's largest vendors, according to Mike Matchett, founder and analyst of Small World Big Data.


"It's extremely poor front-door security from a vendor who should know better," he said. "I'd wonder why they have vulnerable portals with such large customer databases in them to start with."

Dark web deals

Daily Dark Web first reported a potential security breach on April 29.

The site reported individuals on the dark web were attempting to sell data from 49 million Dell customer accounts. The data contained information on systems purchased between 2017 and 2024 for an array of customers including individuals, enterprises and schools. Dell has not confirmed how many customers it notified about the breach.

In a statement to TechTarget Editorial, Dell stated the company had "identified an incident involving a Dell portal with access to a database containing limited types of customer information, including name, physical addresses and certain Dell hardware and order information."

Customer financial and payment information, email addresses and telephone numbers were not accessed, according to Dell.

Customers in online discussion groups reported receiving the letter Thursday, but Dell did not specify in the letter when the incident took place and did not provide that information to TechTarget Editorial.

Digital fallout

Dell certainly isn't the lone enterprise tech titan to have suffered a recent security incident, said Krista Macomber, an analyst at Futurum Group. Microsoft disclosed in January that it had suffered a data breach by Russian state-affiliated hackers.

Attacking these tech giants can result in a larger payday for ransomware or hacker groups, Macomber said, with the potential to mine customer credentials for additional attacks.

"What we are seeing is attackers are incentivized going after a larger vendor or security provider because they're able to access a web of customer information to extend their blast radius," she said.

Dell's exposure could trigger phishing attempts against customers even without personally identifiable information (PII) such as credit card numbers, Matchett said. Information like hardware serial numbers, order details and addresses could make a rogue actor appear enough like a Dell service employee to spoof an email or phone conversation.

"While it may not be PII specifically, it will open people up to phishing attacks," he said.

Tim McCarthy is a news writer for TechTarget Editorial covering cloud and data storage.
