Dell looking into claims of alleged data breach
Dell has confirmed it’s investigating a recent claim of a hacker that he stole information from over 10,000 employees.
A threat actor that calls himself ‘grep’ published a message on BreachForums, a popular hacking forum on the dark web, in which he says Dell suffered ‘a minor data breach’ earlier this month.
He claims to have stolen data from 10,800 current and former employees for Dell and partners, including full names, employee ID, employee status and employee internal ID.
To prove his claims, ‘grep’ posted a small sample of the data for free.
BleepingComputer decided to contact Dell to see what they knew about the alleged data breach. A spokesperson told the tech site the company was aware of the claims and that their security team is currently investigating the matter.
The Texas-based tech company had nothing further to add to this short statement.
This isn’t the first time this year Dell is involved in a data breach. In May the company sent notifications to customers to warn them their personal data had been stolen.
A hacker called ‘Menelik’ stated that he was able to steal personal information of 49 million customers by misusing a portal for partners. Once he had access he was able to harvest client information, without Dell blocking any attempts to obtain this data.
‘Menelik’ was able to obtain full names, postal addresses, and purchasing history.
In April, he emailed Dell’s security team multiple times to report the bug to its portal for partners, but received no response. Two weeks later the bug was fixed, after the data was put on sale on the dark web.
“Prior to receiving the threat actor's email, Dell was already aware of and investigating the incident, implementing our response procedures and taking containment steps. We have also engaged a third-party forensics firm to investigate,” a Dell spokesperson said at the time to TechCrunch.
Your email address will not be published. Required fields are marked