Dell is currently investigating claims of a data breach after a hacker released information allegedly belonging to over 10,000 employees. The claims were made by a threat actor known as "grep," who posted the information on a well-known hacking forum.
According to "grep," the breach occurred in September 2024 and resulted in the exposure of sensitive internal data, including unique employee identifiers, full names, employment status (active or inactive), and internal identification strings for both Dell employees and its partners.
The hacker shared a small sample of this data for free and offered the full dataset for sale on the forum for 1 BreachForums credit, which is roughly valued at $0.30.
Dell have confirmed that they are looking into the situation. “We are aware of the claims, and our security team is actively investigating,” Dell stated.
Interestingly, "grep" has previously made similar high-profile breach claims. Earlier in September, the same individual posted data allegedly stolen from Capgemini, a French IT services company. The breach supposedly contained 20 GB of sensitive data, including source code, credentials, API keys, private keys, employee information, and more. In that case, Capgemini did not respond to inquiries regarding the incident.
This is not the first time Dell has faced a security breach. Earlier in 2024, the company was impacted by an attack where a misused API exposed 49 million customer records. While the current claims remain under investigation, these incidents highlight the continued importance of robust security measures in protecting sensitive data.
For businesses of all sizes, these breaches serve as a reminder of the importance of reviewing their security practices and remaining vigilant against evolving cyber threats. If you're concerned about your organisation's cyber security posture, it may be time to consider a thorough security assessment to help identify vulnerabilities before they become costly breaches.
