Dell Technologies is currently investigating a potential cyber attack after a threat actor posted over 10,000 employees’ data on a dark web hacker forum.
The threat actor, who uses the alias "grep", claimed to have gained access to Dell's international IT systems after a supposed data breach, which allowed them to steal employee data including full names, and job status.
In a post on a hacking forum on September 19, 2024, the threat actor revealed that the tech giant experienced a “minor” data breach earlier this month, resulting in the theft of over ten thousand (10,863) employee records.
Grep says that the stolen data includes employees' unique identifiers, full names of employees for Dell and partners, status of employees (active or not), and an internal identification string.
The hacker just shared a small portion of the data for free but provided a link to the entire database of hacked information. Users on the hacker forum have to pay 1 BreachForums credit, valued at approximately $0.30 to access the data.
Dell is examining the hacking claims after the hacker’s post was made public.
"We are aware of the claims and our security team is currently investigating," the tech giant said in a statement.
Risk of misusing compromised data
Dell is just one of the large corporations targeted by greb in recent months. Earlier this month, the hacker also claimed responsibility for another high-profile data breach on Capgemini, where he claimed to have stolen over 20GB of data.
This data includes source code, credentials, private keys, API keys, employee data, T-Mobile virtual machine logs, documents, and more.
It's also not the first cyber incident for Dell, who suffered another data breach earlier this year. A threat actor claiming responsibility revealed that they scraped the information of 49 million customer records using a partner portal API they accessed as a fake company.
Anna Collard, SVP for content strategy at KnowBe4 Africa told EM360Tech that data breaches are an increasingly prevalent threat, especially for larger tech companies like Dell, which handle vast amounts of customer and (in this case) employee information.
“Such incidents not only pose significant risks to the company itself but also to individuals whose personal data may be compromised, leading to potential identity theft or other misuse.”
Collard suggested that adversaries could use that information for targeted phishing attempts, impersonation of employees for further breaches or to trick others into granting them potential access to restricted areas of Dell's infrastructure or installing malware.
“However, it's important to remember that Dell is still in the process of investigating this incident,” Anna added.
“We should refrain from drawing any conclusions until they release their formal statement with the full facts. Transparency and responsible communication from all parties involved is crucial during these situations in cybersecurity culture."
Bethany Smith, an expert from Eskenzi PR recommends watching out for signs of phishing attempts including unsolicited texts and emails. These emails could comprise suspicious files or links and urgent language.
"Sign up for a dark web monitoring service like BreachWatch so you can be notified immediately if your information has been compromised," Bethany told EM360Tech.
‘Rethink data security’
Erfan Shadabi, a cyber security expert from Comforte AG also told EM360Tech that the recent data breach on Dell demonstrates just how important it is for every organization to rethink data security.
“Dell must now assess just how much sensitive information has been released. Hopefully, they can navigate this situation effectively with minimal damage.”
“The distressing fact is that ordinary individuals and users invariably find themselves at the mercy of organizations failing to fortify their data against potential breaches,” Erfan added.
According to the UK government cyber security risks including data breaches, phishing, and identity theft among many others continue to persist and remain a common threat.
The government estimated that the single most disruptive breach from the last 12 months cost each business, of any size, an average of approximately £1,205.
For medium and large businesses, this was approximately £10,830. For charities, it was approximately £460.
Half of businesses (50%) and around a third of charities (32%) seem to have reported experiencing some form of cyber security breach or attack in the last 12 months.
Earlier this year, Snowflake, a cloud data platform provider with a huge corporate customer portfolio also experienced a data breach that resulted in the theft of hundreds of millions of customer records.
The firm’s customers included Ticketmaster, Advance Auto Parts, TEG, Neiman Marcus, Santander Bank, and Los Angeles Unified School District.
Among them, Ticketmaster, an American ticket sales and distribution company, was the victim of a massive data breach. Cybercriminals stole an alleged 560 million records of customer data.
They also stole 79 million records from Advance Auto Parts and nearly 30 million records from TEG — by using robbed credentials of data engineers with access to their employer’s Snowflake environments.
Erfan believes the fallout from such kind of cyber incidents can vary from identity theft to financial losses, leaving users vulnerable to a myriad of cyber threats.
“The ironic thing is that enterprises can avoid the threat of leaked hijacked data simply by taking a data-centric approach to protect sensitive information.”
Using tokenization or format-preserving encryption, businesses can also obfuscate any sensitive data within their data ecosystem, rendering it incomprehensible no matter who has access to it.
“These reports should all be treated as cautionary tales, as any enterprise might find itself in the same boat without the proper data-centric approach,” the cyber security expert told EM360Tech.
Bethany also added data shows the human element is a lot more difficult to protect, and often, the most error-prone element of the attack chain.
This is why organizations should focus on executing zero-trust security architecture and a policy of least access to prevent unauthorized privilege escalation and ensure strict enforcement of user access roles.
She further told EM360Tech that a Privileged Access Management (PAM) platform is essential for managing and securing privileged credentials.
This helps verify "least privilege access and preventing lateral movement in the event of a breach."
