Massive Dell data breach hits 49 million users — what you need to know
Names and physical addresses exposed but not financial information
Dell has begun warning customers that their personal information may have been exposed in a massive data breach which affects 49 million customers.
As reported by BleepingComputer, the U.S. computer maker recently began sending out data breach notifications to affected customers in which it explained that an attacker managed to gain unauthorized access to an online portal containing customer information related to purchases on its site.
Fortunately for affected customers though, it appears that only personal information was stolen during this attack and financial information wasn’t accessed. According to Dell’s data breach notification, the names, physical addresses along with hardware and order information were stolen from its systems.
Whether you or your company recently bought a laptop, desktop or even accessories from Dell, here’s everything you need to know about this data breach along with some tips on how to stay safe following this attack.
Already for sale on the dark web
According to a separate report from Daily Dark Web, back on April 28th, a threat actor who goes by Menelik online tried to sell a Dell database on the hacking forum Breach Forums.
In their post, the hacker explained that they stole data from 49 million Dell customers who purchased systems from the company between 2017 and 2024. Although BleepingComputer and other outlets have yet to confirm whether or not this is the same data, it does match the information laid out in Dell’s data breach notification.
Of the 49 million Dell customers affected, 7 million are related to individual or personal purchases from the company's site while 11 million are from consumer segment companies and the rest are from enterprise, partner or schools that Menelik was unable to identify. Likewise, the majority of the affected customers are from the U.S., China, India, Australia and Canada.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
The original post on the hacking forum has since been taken down. This could indicate that another hacker purchased the database of stolen information with the aim of using it in future attacks.
What to do after a data breach
Normally following a data breach of this size, we would recommend that affected customers check their bank statements and sign up for the best identity theft protection. However, as financial information wasn’t exposed, our advice on how to stay safe is a bit different this time around.
With your full name, physical address and Dell purchase history in hand, it’s more likely that whoever bought this stolen database will try to launch targeted phishing attacks against affected customers. These can come in the form of spoofed emails impersonating Dell to physical letters sent via mail.
Regardless of how you’re contacted, a hacker would likely use either a tech support scam or an unpaid invoice to try and trick you into providing them with financial information or the credentials for one of your online accounts. This is why affected Dell customers need to remain vigilant when checking their inboxes or mailboxes for the foreseeable future.
At the same time, BleepingComputer points out that hackers may try to infect vulnerable PCs with malware by sending out malicious flash drives to affected users. For this reason, you should never insert an unknown flash drive or other storage device into your computer. If you do though, you want to disconnect the computer from the internet to prevent any malware from spreading across your network and you also want to have the best antivirus software installed to catch any viruses the drive may contain.
In an email to Tom's Guide, a Dell spokesperson provided further insight on the matter, saying:
"We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information including name, physical address and certain Dell hardware and order information. It did not include financial or payment information, email address, telephone number or any highly sensitive customer data.
"Upon discovering this incident, we promptly implemented our incident response procedures, applied containment measures, began investigating and notified law enforcement. We have also engaged a third-party forensics firm to investigate this incident. We continue to monitor the situation and take steps to protect our customers’ information. Although we don’t believe there is significant risk to our customers given the type of information involved, we are taking proactive steps to notify them as appropriate."
We’ll likely hear more from Dell once the company finishes its investigation.
More from Tom's Guide
- Over 850,000 people hit with online shopping scam that steals credit cards
- Scammers are tricking Android users into installing a fake antivirus app
- Cuckoo macOS malware can take over all Macs and steals your passwords too
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.