Dell breached, customer data stolen (2024)

Sicherheit (Pexels, allgemeine Nutzung)[German]Dell has informed customers by email that there has been a data leak (a hack). A database was accessed in which customer data such as name and address, as well as the hardware ordered from Dell, is stored. Dell sees the incident as "less serious", especially as no financial data was stolen. But the data leak affects millions of Dell customers who were registered there. Addendum: And the data was traded in a hacker forum, although the post there has probably since been deleted.


Information from the readers

Several readers have just emailed me (thank you) to inform me that they have been notified by Dell of a privacy incident. The message is titled "Important Notice from Dell" and comes from communications[at] and was sent with a timestamp of May 9, 2024 8:24:30 PM.

Dell says that it is investigating an incident in connection with a Dell portal. This portal contained a database with limited types of customer data relating to purchases at Dell, as the manufacturer writes in a trivialized manner. Dell does not believe that there is a significant risk to those affected given the nature of the data. But one reader puts it this way:

Since the service tags are also affected, this is sure to be another feast for phone scammers.

It is of course easier to pretend to be internal IT support and get people to start applications if the computer they are sitting in front of is known and is also labeled with the service tag from the factory: "Hey, this is internal IT support. Are you sitting in front of computer labeled X, correct? Absolutely must […] please start X"

The argument cannot be dismissed out of hand, even if I postulate that very few Dell users are aware of the service tag. So far, Dell admits that investigations at this stage have revealed that limited types of customer data have been accessed, but these include the following:

  • Physical address
  • Dell hardware and order information, including service tag, item description, order date and related warranty information

The data in question does not include financial or payment information, email address, phone number or highly sensitive customer data, Dell writes.

Upon discovery of the incident, Dell claims to have promptly implemented its incident response procedures, commenced an investigation, taken steps to contain the incident and notified law enforcement. I find it interesting that there is no mention of reporting to the relevant data protection authorities – but this is relevant for German or European customers.


Dell states that it has also commissioned an external forensic company to investigate this incident. Dell writes that it will continue to monitor the situation. I say: "Nice shit, now a lot of customers are screwed again, even if allegedly no e-mail addresses were stolen.

Data in a hacker forum

My reading is that Dell did not notice the incident itself, but was informed by a third party. My colleague Lawrence Abrams has also taken up the matter and writes that 49 million users were affected.

Meine Lesart ist, dass Dell den Vorfall nicht selbst bemerkt hat, sondern von Dritten informiert wurde. Kollege Lawrence Abrams hat den Sachverhalt ebenfalls aufgegriffen und schreibt, dass 49 Millionen Nutzer betroffen seien.

In his article, Abrams refers to the article Threat Actor Claims Sale of Dell Database Containing 49 Million Customer Records from April 29, 2024. It contains the information that there are reports of a significant data protection incident at Dell and that a threat actor is allegedly selling a database containing 49 million Dell customer records in a corresponding forum.

It also states that the alleged data includes information about systems purchased from Dell between 2017 and 2024. Screenshots of data were posted showing that the database contains a comprehensive collection of customer data. According to Abrams, the entry in the underground forum has since been deleted. This could indicate that the data was sold. However, it is unclear when the incident took place.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *