Dell customer order database of '49M records' stolen, now up for sale on dark web

Dell has confirmed information about its customers and their orders has been stolen from one of its portals. Though the thief claimed to have swiped 49 million records, which are now up for sale on the dark web, the IT giant declined to say how many people may be affected. According to the US computer maker, the stolen data …

  1. _Elvi_
    Joke

    I wonder what colour...

    .... Dell's IT staff are to-day?

    1. diodesign (Written by Reg staff) Silver badge

      Expecting a lot of this...

      "Dude, you're getting a Dell!"

      "Hey, how'd you know?"

      "Well..."

      C.

  2. Grogan Silver badge

    I guess I'm safe. The first, last and only Dell system we ever bought was in 2001 :-)

    That sounds like central data too, more than just U.S. customers.

    1. Anonymous Coward

      central data

      EMEA, APJ and Americas are separate systems at Dell.

      1. Dcallan

        Re: central data

        EMEA, APJ and Americas might well be separate systems, but I'm Aussie and received the dreaded email this morning, as did a colleague....

        1. Twilight

          Re: central data

          Interesting. I am in the US, ordered from Dell several months ago, and have not gotten any sort of email from Dell...

          1. Anonymous Coward

            Re: central data

            Did you get your order?

            :)

        2. EricB123 Silver badge

          Re: central data

          Obviously a pure coincidence.

        3. Displacement Activity

          Re: central data

          I got the email, in the UK, so looks like EMEA. Makes you wonder if the "lost" information did actually include the email address. Time will tell.

    2. spold Silver badge

      I'm in Canada and received a breach notification email.

      I've only purchased a monitor a while back - I'm concerned about the brightness now it is on the dark web.

  3. Anonymous Coward

    Welp, I guess a lot of old people are going to get calls from "dell tech support" who are gonna read off their computer's serial number to "prove they work for dell".

    Protect your grans, folks.

    1. GoneFission

      Gran doesn't want to spend $40 to get an external SSD for free Veeam backups, but will eagerly pay someone claiming to be a random phone tech support person $2000 to "fix" her computer

  4. Paul Dx

    "It did not include financial or payment information, email address, telephone number or any highly sensitive customer data."

    So they have access to a database and didn't take the best information ?

  5. Apocalypto

    I'm a third party dev for Dell and judging by the quality of code their internal devs write I'm not surprised at all.

    1. Anonymous Coward

      “ Dell says once it discovered the digital break-in, it began an investigation, took steps to contain the damage, notified law enforcement, and hired a third-party forensic firm.”

      Well despite having 130K employees and a market cap of about USD$95bn (In its peer group I’d colour that as Red) it has to hire that capability in …. !!?

      Seems like cause and effect.

      1. Anonymous Coward

        I was a victim of the AT and T breach of a few weeks back. I had not been an AT and T customer since 2011 but they retained my info including my SSN and now it is out on the web for the world and dog to use to perpetuate identity fraud. I can't see how this is legal and why it does not make them automatically liable for any damage caused from the use of the info. I guess it is one of the prices we pay for living in the "land of the free to be defrauded". Somehow they think they should get away with just offering a year of free credit monitoring.

        1. TeeCee Gold badge
          Facepalm

          Same way that if someone breaks into your house, steals a knife from your kitchen and stabs somebody with it, you are not an accessory to murder just because there's a better door lock available than the one you had.

          1. Michael Wojcik Silver badge

            Crap legal analogy detected.

            For one thing, corporations are held to different standards than private individuals in their homes. For another, there are regulations specifically around protecting PII. For a third, AT&T should not have retained the data in question, since OP was no longer a customer.

  6. Anonymous Coward

    Post 2017

    So...the DellServ system AFTER the migration to "Dell on Dell" Oracle, not the historic DellServ running on bespoke code on the redundant pair of Tandem Non-Stops.

    The olde DellServ/DCS was as user friendly as a hedgehog with diaper rash drunk on tequila. The move to Dell on Dell/Oracle was viewed as a huge leap forward.

    Since the data was exfiltrated via a "Portal" - as a former insider, I am curious as to whether it is from the consumer side or business side of the business - most all internal systems only "see" one side or t'other, based on certain values in the data set. Unless "Dell on Dell" broke that too.

    Agree with the posts re: protect your grans... the hints given are that this was from the support side of the house and there is a LOT of information to be had there if the hack had time to dig deep.

  7. neurochrome

    "we do not believe there is significant risk"

    My address and what shiny Dell kit I have... no that's not a significant risk. FFS

    1. Doctor Syntax Silver badge

      Re: "we do not believe there is significant risk"

      It certainly isn't for me, at least not as a join.

  8. Sampler

    ooh, that's gotta be embarrassing

    Imagine your family and friends finding out you bought a Dell... I'd rather be in the Ashley Madison list...

  9. EricB123 Silver badge

    Is That All?

    " containing limited types of customer information including name, physical address and certain Dell hardware and order information"

    That sounds quite limited to me!

    1. Anonymous Coward

      Re: Is That All?

      I hope your Sweet Ol’ Gran with a Dell laptop doesn’t get Pig Butchered then.

  10. Anonymous Coward

    That would explain

    why today I received some email from "Dell" about my machine.

    Except it was sent to my predecessor's email address that is aliased to mine.

  11. rwessman
    FAIL

    Nothing sensitive?

    I got the email as well. I had to laugh when it declared that my physical address was not sensitive.

  12. Ball boy Silver badge
    Holmes

    Here we go again with the 'corporate shoulder-shrug'

    "Dell Technologies takes the privacy and confidentiality of your information seriously. We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell.

    We believe there is not a significant risk to our customers given the type of information involved."

    Hmm. Really? Parsed by AI™ everyone, this translated as follows:

    Dell Technologies takes the adverse media coverage over a privacy breach seriously. We are currently wishing we'd bothered to pen test this Dell portal a little but have hired-in some third parties to protect ourselves as much as we can from any legal redress. You, dear customer, are now on your own. Good luck.

  13. TchmilFan
    WTF?

    Hilariously...

    The email sat in my Inbox overnight, I read it this morning then needed to refer back to it... it's not there.

    WTF?

    Yes, this is a 365 story.

    Did I delete it? Nope

    Did I ultra delete it? (Checks Recovery) Nope

    Search for all dell.com emails. It's not there.

    Was I having a brainfart and it was actually in one of my personal accounts? Nope

    Ok. I tried Message Trace and Hunt. It's been Quarantined because I have a Protected account despite it being an extremely well-formed DKIM'd email from a well-known sender.

    FFS I'd already read it. Thanks Microsoft.

  14. MikeLivingstone

    I assume this was running on Isilon

    Dell's data storage designs are extremely out of date.

    The NHS and Police have a load of this insecure Isilon vintage storage, no wonder they get hacked so often, even Dell can't keep things secure.

    1. UnknownUnknown

      Re: I assume this was running on Isilon

      If only Dell knew a company that did enterprise grade storage solutions ……..

  15. Anonymous Coward

    Gorilla Radio

    Waiting for the fun fall out of when they trick someone into putting a malicious string in the ILO, which will result in LO

    it will reach out to web if you put a url in it, and run whatever command it's told to.

    Block your ILO port Outbound, at least set a FW rule.

    Future vision: And wasn't it nice of (fake) Dell to send everyone thumb drives with BIOS updates. You know the BIOS's that have their own OS that can... I don't have this much time.

    Lights Out!

  16. Panties Waste

    Probably one of the least competent providers in our market. My experience with Dell was horrible 20 years ago. They lied and lied and lied. And if you think they aren't lying about the info for sale you should buy another Dell computer since the degenerates who hacked them won't get your financial details.

    They won't have to have been competent hackers to beat Dell. My dogs might get through them.

  17. talk_is_cheap

    List of who has what kit

    So the hackers now know by address who has purchased costly Dell equipment and how old that equipment is.

  18. TheTKS

    > the Dell database now up for sale on a cyber-crime forum includes the following columns:

    Province and postal code? I live in a country with provinces (not states) and postal (not post) codes!

    Checks email…

    Ah, crap. Yup, got the email. In French. Merde! I live in a country and province with French and English as official languages! Good thing (!?) I understand French well enough to get the gist of what Dell has done to me.

    Dell… a company that can screw you multilingually.

  19. Anonymous Coward

    Requested a copy of the data they've leaked, this is the response...

    Dear <redacted>,

    Thank you for reaching out. We genuinely appreciate your response and understand the concern you've raised. Please accept our sincerest apologies for any inconvenience caused by this incident.

    Dell Technologies takes the privacy, confidentiality and security of your information seriously.

    We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information related to purchases from Dell.

    The information types involved are limited to name, physical address and Dell hardware and order information, including service tag, item description, date of order and related warranty information.

    The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.

    We do not believe there is a significant risk to our customers given the type of information involved.

    Upon identifying the incident, we promptly implemented our incident response procedures, began investigating, took steps to contain the incident and notified law enforcement. We also engaged a third-party forensics firm to investigate this incident.

    Sincerely,

    Dell | Customer Care

    -----

    Am I alone in thinking it's reasonable to get a copy of the data they've leaked so we can assess the risk to our business?
