Dell Inc., the technology giant, has notified its customers of a data breach. According to an email obtained by Hackread.com, the breach affected a Dell portal housing customers’ information and their purchase history with Dell.
Details of the Breach
Although the company did not disclose the number of affected customers, the data compromised in the incident includes:
- Full names
- Physical address
- Dell hardware and order information, including service tag, item description, date of order and related warranty information.
Hacker Claims Responsibility
The positive aspect is that email addresses, passwords, and banking or card data were not part of the breach. However, Hackread.com has verified that a hacker using the alias “Menelik” on Breach Forums has recently claimed responsibility for the breach.
It’s important to highlight that while the connection between Dell’s reported data breach and Menelik’s claim remains unconfirmed, the hacker maintains that this is indeed the same breach and has provided additional details regarding the compromised data. Specifically, Menelik alleges to have acquired the personal information of over 49 million Dell customers. This data comprises:
- City
- Full Name
- Address
- Province
- Postal Code
- Warranty plan
- Company Name
- Dell Order Number
- Dell Customer Number
- System shipped date (order date)
- Unique 7-digit service tag of the system.
Customers by Country
Additionally, the hacker disclosed the countries with the highest number of affected Dell customers. These include:
- India
- China
- Canada
- Australia
- United States
Dell Data Being Sold to One Buyer
According to the hacker, the dataset consists of roughly 7 million rows of individual/personal purchase data and 11 million rows of consumer segment company data, and the rest comprises entries from enterprise clients, partners, educational institutions, and other entities. The data is currently being sold to a single buyer for an undisclosed amount.
What Dell is Doing?
Dell has taken several measures in response to the breach. They have notified law enforcement authorities and engaged a third-party forensic firm to investigate the incident.
Despite stating that they do not believe there is a significant risk due to the limited information compromised, the sale of data containing full names and physical addresses poses a considerable threat to customers.
This type of data exposure not only leaves individuals vulnerable to physical harm but also opens the door for threat actors to exploit the information in long-term social engineering attacks.
If you are among the victims of the recent Dell data breach, it’s crucial to remain alert. Hackers may use the stolen information to piece together additional details about you, including email addresses and data from previous breaches, increasing the risk of further exploitation.