Dell confirms data breach affecting 49m people
No financial info stolen, but names and addresses were leaked
Tech giant Dell is notifying customers after a data breach compromised information for nearly 49 million users.
The company confirmed the breach on Wednesday and began emailing affected customers. There was both good news and bad news.
The good: Dell says the breached data does not include financial information, email addresses or phone numbers.
The bad: Hackers were able to access names, physical addresses and details about Dell hardware purchases, including service tags, descriptions, order dates and warranty information.
"We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell," the company said in its data breach notification, according to Bleeping Computer.
"We believe there is not a significant risk to our customers given the type of information involved."
The breach was first reported by Daily Dark Web, which said a threat actor named Menelik offered to sell a Dell database containing information on "49 million customers", specifically those who made purchases between 2017 and 2024.
Menelik's alleged database reportedly contained information on 7 million individual customers, 11 million from "consumer segment companies," and the remainder from enterprises, partners, schools or unidentified entities.
The post has since been deleted, suggesting that another threat actor may have already purchased the stolen database.
Dell is investigating the incident with law enforcement and a third-party forensics firm.
Customers should be on the lookout for suspicious emails or calls, and be cautious about communications referencing their Dell purchases.
This incident comes on the heels of a similar data breach at Hewlett Packard Enterprise in December last year, which the company made public through a securities filing in January.
The HPE breach occurred after a Russian hacking group associated with state actors compromised HPE's email servers, affecting a "small percentage" of mailboxes in various departments. The group was said to be the same one that targeted Microsoft email accounts in January 2024.