Michael Dell, Chairman and CEO of Dell Technologies, is speaking in front of the Dell logo during the ''New Strategies for a New Era'' keynote at the Mobile World Congress in Barcelona, Spain, on February 27, 2024. (Photo by Joan Cros/NurPhoto via Getty Images)


Technology giant Dell notified customers on Thursday that it experienced a data breach involving customers’ names and physical addresses.

In an email seen by TechCrunch and shared by several people on social media, the computer maker wrote that it was investigating “an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell.”

Dell wrote that the information accessed in the breach included customer names, physical addresses and “Dell hardware and order information, including service tag, item description, date of order and related warranty information.” Dell did not say if the incident was caused by malicious outsiders or inadvertent error.

The breached data did not include email addresses, telephone numbers, financial or payment information, or “any highly sensitive customer information,” according to the company. 

The company downplayed the impact of the breach in the message.

“We believe there is not a significant risk to our customers given the type of information involved,” Dell wrote in the email.

When TechCrunch reached out to Dell for comment, asking specific questions such as how many customers were impacted, how the breach occurred and why the company considers that a breach of physical addresses does not pose “a significant risk” to customers, the company responded with a boilerplate version of the email it sent to affected customers. 

A Dell spokesperson, who declined to provide their name, later added: “We are not disclosing this specific information from our ongoing investigation.” Dell did not provide a reason.

On April 29, the website Daily Dark Web reported that someone on a hacking forum was advertising “customer and other information of systems purchased from Dell between 2017 and 2024.”

The person claimed that the dataset included information on 49 million people, and information such as full name, full address, the system’s service tag, customer number, and more. This is data that would align with what Dell disclosed was stolen. 

Dell’s spokesperson declined to comment on the forum post, and did not dispute the hacker’s claims.

UPDATE, May 9, 2:12 p.m. ET: This story was updated to add information about the hacking forum post.





Source link