Dell confirms it is investigating data breach after employee info leaked

News
By
published

A hacker says they stole employee info on more than 10,000 people

Delll ogo
(Image credit: Shutterstock / Gabriel Pahontu)

Computer manufacturing giant Dell is looking into claims that its infrastructure was breached and sensitive data on thousands of employees stolen.

Late last week, a threat actor with the alias ‘grep’ posted a new thread on the infamous dark web forum BreachForums. In it, they offered a large Dell database for sale, allegedly containing sensitive employee information.

“In September 2024 Dell suffered a minor data breach that exposed internal employees data,” the thread reads. “Were affected over 10 800 employees belonging to Dell and their partners. Compromised data: Employee ID, Employee full name, Employee status, Employee internal ID.”

No word from Capgemini yet

If the database turns out to be legitimate, this could be quite a problem for Dell, since the information can be used in identity theft and phishing, potentially compromising Dell further. Crooks could impersonate company employees to communicate with other workers and have them disclose secrets, grant access to restricted areas of the infrastructure, or even deploy ransomware.

To make matters worse, the database can be obtained quite easily. A small sample has been available for free, and the entire database can be purchased for 1 BreachForums credit (roughly $0.30).

Now, Dell told BleepingComputer that it is investigating the claims of the breach.

"We are aware of the claims and our security team is currently investigating," the company told the publication.

Earlier this month, grep claimed to have breached French tech and consulting giant, Capgemini. They said they obtained 20 GB worth of sensitive data, including databases, source code, private keys, credentials, API keys, projects, employee data (including names, email addresses, usernames, and password hashes). The archive also contains backups, and Capgemini clients’ internal configuration details for cloud infrastructure.

The crook even shared alleged T-Mobile virtual machine logs. But a T-Mobile US representative debunked the claim, saying the data does not belong to that company. "This is not T-Mobile US," they told us. "From what we can tell, we believe this may be a T-Mobile brand outside of the US."

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TOPICS