Dell reports data breach allegedly exposing 49 million customers

Dell is reporting a massive data breach, allegedly impacting approximately 49 million customers. A threat actor, known as Menelik, attempted to sell the stolen data on the Breach Forums on April 28th.

The data set sold on Breach Forums supposedly contained information on customers who purchased Dell systems between 2017 and 2024. The post has been since removed, indicating a possible sale of the data set to another hacker.

Potential exploits of the data could include physical mailings containing phishing links or malicious media such as USB drives or DVDs designed to install malware, and phone call scams.

The breach occurred through unauthorized access to a Dell portal containing customer data related to purchases. The exposed information includes:

• Names
• Physical addresses
• Dell hardware and order information (including service tags, item descriptions, dates of orders, and related warranty details)

The details of the attack have not been disclosed. It remains unclear whether the breach was due to external cybercriminals or an internal error.

Dell claims that no financial or payment information, email addresses, or telephone numbers were compromised. The company is collaborating with law enforcement and a third-party forensics firm to investigate the incident further.

Dell has reassured customers that the risk is minimal due to the nature of the compromised information. However, they advise vigilance against any suspicious communications purporting to be from Dell, particularly those asking to install software or provide sensitive information. Dell continues to monitor the situation and has implemented containment measures.