Share this article on:
The computing giant has sent emails to its customers warning of a breach affecting names, addresses, and PC hardware details, with some Australian customers impacted.
Dell customers woke up to an alarming email this morning – the PC hardware manufacturer had been hacked, and customer data was impacted.
Dell has not shared how many of its customers have been impacted or shared any details on the nature of the hack but is confident that the incident has not compromised any financial or otherwise damaging information.
What has been breached, however, are customer names and addresses, as well as details of hardware purchases, warranty details, and service tags.
“Dell Technologies takes the privacy and confidentiality of your information seriously,” the alert email said.
“We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell. We believe there is not a significant risk to our customers given the type of information involved.”
What Dell is warning its customers of are tech support phone scams, which could use those hardware details to sound like a legitimate Dell support technician.
“Our investigation indicates your information was accessed during this incident, but we do not believe there is significant risk given the limited information impacted,” Dell said.
“However, you should always keep in mind these tips to help avoid tech support phone scams. If you notice any suspicious activity related to your Dell accounts or purchases, please immediately report concerns to [email protected].”
One concerned Dell customer was not even sure the email itself was legitimate, so they went directly to a Dell community support site, asking, “Did anybody get this or was it just me? Not sure it’s legit.”
A community manager replied, confirming it was a “legit Dell Securities email”.
The data appears to have been posted for sale on the Breach Forums hacking forum, with a user called Menelik saying that the data was up-to-date information from Dell purchases made between 2017 and 2204. The countries most represented in the data – according to the poster – are the United States, China, India, Australia, and Canada.
The data is in three parts: seven million rows of individual purchases, and 11 million rows of "consumer segment companies," while the rest are enterprise-grade customers, Dell partners, and schools.
The post has since been deleted, which could represent that it has already been sold.
Dell has warned customers of technical support scams before. In 2018, John Scimone – president and chief security officer at Dell – said in a blog post that such scams were becoming harder to spot.
“One such scam affecting Dell and other well-known companies – the telephone technical support scam – is becoming increasingly sophisticated and difficult to distinguish from legitimate tech support calls. In this scam, individuals claiming to work for Dell make unsolicited calls to customers and insist there is a technical problem with their Dell product,” Scimone said.
“They ultimately try to defraud customers by pressuring them to pay to fix the issue.”
With some of the dates in this breach, those scammers could be even harder to tell from the real deal.
Dell would not confirm if any Australian customers were affected by the data breach when asked by Cyber Daily.
UPDATED 10/05/24: Added Dell Australia’s response.
UPDATED 10/05/24: Added details of data for sale on hacking forum
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.