On May 9, 2024, Dell Technologies sent an email advisory to multiple clients informing them that a Dell portal had been compromised which contained a database with limited types of customer data related to purchases from Dell. Per Dell, given the type of information involved, the organization did not believe there was a significant risk to its customers.
According to Dell, the information exposed included:
Name
Physical address
Dell hardware and order information – service tag, item description, date of order, warranty information
Dell has also confirmed that the following information was NOT exposed:
Financial or payment information
Email address
Phone number
Dell has since confirmed this compromise was a breach of resources and that the organization has contacted law enforcement.
Our team at Burk IT and I have been following this situation closely and we are confident that overall risk to our clients and clients in general who purchase Dell hardware, either directly from Dell or through other resellers, is low. The information exposed is, in general, publicly available or is not actionable as a threat to most clients.
That said, it is important that all organizations review this situation and document this incident appropriately in accordance with all applicable incident response policies and procedures. As such, the following is a general outline of the relevant incident information:
Incident:
Compromise of Dell Technologies Portal
Incident Type:
Industry level – Unauthorized Access of information
Date:
May 9, 2024 – 9:43am (dates and times of notification emails vary)
Threat to organization:
Possible exposure of order related information at Dell Technologies
Description of Incident:
A Dell portal was compromised which contained a database with limited types of customer data related to purchases from Dell. Possible compromised information included customer name, physical address, and Dell hardware order information.
Affect to the Organization’s IT Environment:
At this time, there does not appear to be any significant effect or risk related to this incident.
Actions Taken by the Organization:
The organization has documented this incident and continues to monitor the situation.