Catch Of The Week: Dell Data Breach

By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post

Data breaches are never good, but are becoming increasingly common in today’s digital world.  Cyber security is frequently an afterthought. It’s not important until … it is!

Earlier this month Dell notified users who had been impacted by this data breach, stating that information accessed in the breach included customer names, physical addresses and “Dell hardware and order information, including service tag, item description, date of order and related warranty information.” Dell did not provide additional details on the incident.

The breached data from this first incident did not include email addresses, telephone numbers, financial or payment information, or “any highly sensitive customer information,” according to Dell.

The company further stated in the email, “We believe there is not a significant risk to our customers given the type of information involved.”

On April 29, the website Daily Dark Web reported that a hacking forum was advertising “customer and other information of systems purchased from Dell between 2017 and 2024.”

The dataset claimed to include information on 49 million people, and information such as full name, full address, the system’s service tag, customer number and more.

According to an article by TechCrunch, the bad actor created several “partner” accounts on a Dell service portal, and used these accounts to brute-force guess Dell customer service ticket IDs. According to the bad actor, he sent 5,000 requests per minute to the Dell portal. According to him, he kept doing this for nearly 3 weeks and Dell didn’t notice anything. After he got enough data he claims to have emailed Dell to notify them of the vulnerability.

Courtesy photo

Last week the bad actor spoke with TechCrunch again, claiming to have stolen more data from yet another Dell portal, this time containing names, phone numbers and email addresses of Dell customers. TechCrunch has confirmed that samples of the data appear genuine. 

You may have already received a notification if you were affected, but it’s possible they are still notifying customers. Be wary of any emails purporting to be from Dell, as the stolen information, if sold on the dark web, will be perfect for crafting expert level phishing emails impersonating Dell. 

Stay safe online, be aware of this new breach and how it might affect you. If you have been affected, watch out for Dell or other tech support themed phishing emails.

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.

Search
LOS ALAMOS

ladailypost.com website support locally by OviNuppi Systems