top of page

Responding to and Documenting the Dell Portal Compromise

On May 9, 2024, Dell Technologies sent an email advisory to multiple clients informing them that a Dell portal had been compromised which contained a database with limited types of customer data related to purchases from Dell.  Per Dell, given the type of information involved, the organization did not believe there was a significant risk to its customers.

 

According to Dell, the information exposed included:

  • Name

  • Physical address

  • Dell hardware and order information – service tag, item description, date of order, warranty information

 

Dell has also confirmed that the following information was NOT exposed:

  • Financial or payment information

  • Email address

  • Phone number

 

Dell has since confirmed this compromise was a breach of resources and that the organization has contacted law enforcement.

 

Our team at Burk IT and I have been following this situation closely and we are confident that overall risk to our clients and clients in general who purchase Dell hardware, either directly from Dell or through other resellers, is low.  The information exposed is, in general, publicly available or is not actionable as a threat to most clients.

 

That said, it is important that all organizations review this situation and document this incident appropriately in accordance with all applicable incident response policies and procedures.  As such, the following is a general outline of the relevant incident information:

 

Incident:

Compromise of Dell Technologies Portal

 

Incident Type:

Industry level – Unauthorized Access of information

 

Date:

May 9, 2024 – 9:43am (dates and times of notification emails vary)

 

Threat to organization:

Possible exposure of order related information at Dell Technologies

 

Description of Incident:

A Dell portal was compromised which contained a database with limited types of customer data related to purchases from Dell.  Possible compromised information included customer name, physical address, and Dell hardware order information.

 

Affect to the Organization’s IT Environment:

At this time, there does not appear to be any significant effect or risk related to this incident.

 

Actions Taken by the Organization:

The organization has documented this incident and continues to monitor the situation.

2 views

Comments


bottom of page