{"id":24481,"date":"2024-05-10T06:10:06","date_gmt":"2024-05-10T14:10:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/05\/10\/news-18211\/"},"modified":"2024-05-10T06:10:06","modified_gmt":"2024-05-10T14:10:06","slug":"news-18211","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/05\/10\/news-18211\/","title":{"rendered":"Dell notifies customers about data breach"},"content":{"rendered":"\n<p>Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum.<\/p>\n<p>A cybercriminal called Menelik posted the following message on the \u201cBreach Forums\u201d site:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cThe data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.<\/p>\n<p>It is up to date information registered at Dell servers.<\/p>\n<p>Feel free to contact me to discuss use cases and opportunities.<\/p>\n<p>I am the only person who has the data.\u201d<\/p>\n<\/blockquote>\n<figure class=\"wp-block-image size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" width=\"1096\" height=\"765\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/05\/Data_for_sale.png?w=1024\" alt=\"Data Breach forums post by Menelik\" class=\"wp-image-110376\" style=\"width:1200px;height:auto\" \/><figcaption class=\"wp-element-caption\">Screenshot taken from the Breach Forums<\/figcaption><\/figure>\n<p>According to Menelik the data includes:<\/p>\n<ul>\n<li>The full name of the buyer or company name<\/li>\n<li>Address including postal code and country<\/li>\n<li>Unique seven digit service tag of the system<\/li>\n<li>Shipping date of the system<\/li>\n<li>Warranty plan<\/li>\n<li>Serial number<\/li>\n<li>Dell customer number<\/li>\n<li>Dell order number<\/li>\n<\/ul>\n<p>Most of the affected systems were sold in the US, China, India, Australia, and Canada.<\/p>\n<p>Users on Reddit reported getting an <a href=\"https:\/\/www.reddit.com\/r\/privacy\/comments\/1cnlbwr\/dell_data_leak\/\">email<\/a> from Dell which was apparently sent to customers whose information was accessed during this incident:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cAt this time, our investigation indicates limited types of customer information was accessed, including:<\/p>\n<ul>\n<li>Name<\/li>\n<li>Physical address<\/li>\n<li>Dell hardware and order information, including service tag, item description, date of order and related warranty information.<\/li>\n<\/ul>\n<p>The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.\u201d<\/p>\n<\/blockquote>\n<p>Although Dell might be trying to play down the seriousness of the situation by claiming that there is not a significant risk to its customers given the type of information involved, it is reassuring that there were no email addresses included. Email addresses are a unique identifier that can allow data brokers to merge and enrich their databases.<\/p>\n<p>So, this is another big data breach that leaves us with more questions than answers. We have to be careful that we don\u2019t shrug these data breaches away with comments like \u201cthey already know everything there is to know.\u201d<\/p>\n<p>This kind of information is exactly what scammers need in order to impersonate Dell support.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-protecting-yourself-from-a-data-breach\">Protecting yourself from a data breach<\/h2>\n<p>There are some actions you can take if you are, or suspect you may have been, the&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/involved-in-a-data-breach-heres-what-you-need-to-know\">victim of a data breach<\/a>.<\/p>\n<ul>\n<li><strong>Check the vendor\u2019s advice.<\/strong>&nbsp;Every breach is different, so check with the vendor to find out what\u2019s happened, and follow any specific advice they offer.<\/li>\n<li><strong>Change your password.<\/strong>&nbsp;You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\" rel=\"noreferrer noopener\">strong password<\/a>&nbsp;that you don\u2019t use for anything else. Better yet, let a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li><strong>Enable two-factor authentication (2FA).<\/strong>&nbsp;If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">two-factor authentication (2FA)<\/a>&nbsp;can be phished just as easily as a password. 2FA that relies on a FIDO2 device can\u2019t be phished.<\/li>\n<li><strong>Watch out for fake vendors.<\/strong>&nbsp;The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.<\/li>\n<li><strong>Take your time.<\/strong>&nbsp;Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<li><strong>Set up identity monitoring.<\/strong>&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\">Identity monitoring<\/a>&nbsp;alerts you if your personal information is found being traded illegally online, and helps you recover after.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-check-your-digital-footprint\">Check your digital footprint<\/h2>\n<p>If you want to find out how much of your data has been exposed online, you can try our&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>. Fill in the email address you\u2019re curious about (it\u2019s best to submit the one you most frequently use) and we\u2019ll send you a free report.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=b2c_pro_acq_fy25dfplaunch_171269600960&amp;utm_content=V1\"><\/a><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/05\/dell-notifies-customers-about-data-breach\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Dell has notified some customers about a data breach reported to include 49 million records. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[32,5897],"class_list":["post-24481","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-news","tag-privacy"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24481"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24481\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}