Computing manufacturer Dell is the latest big company to be the subject of a database hack, with a data breach potentially exposing the private information of more than 10,000 employees and their partners.
Full names, employee status and internal IDs of Dell staff are all cited as being compromised by the threat actor known as ‘grep’, which is offering to sell the data for the equivalent of just $0.30. Dell has said that it is investigating the matter.
It’s the second big data breach coup for grep this month, having also obtained data from French IT consultants Capgemini.
Dell Internal Employee Data Exposed
The Dell data breach – originally reported by the BleepingComputer website – was posted by the grep profile on a data breach community forum.
It said that Dell had suffered a “minor data breach that exposed internal employees data”, before going on to state that more than 10,800 Dell employees and their partners had been affected.
This just in! View
the top business tech deals for 2024 👨💻
The post listed the data points that had been breached by grep:
Compromised data: Employee ID, Employee full name, Employee status, Employee internal ID
The poster included in the thread a small sample of the data they had obtained, while making the entire database available for one 1 BreachForums credit. Credits are each worth the equivalent of approximately $0.30.
In response, Dell – who recently planned job cuts of around 12,000 staff – told BleepingComputer that it was aware of the claims and that its security team was investigating.
grep Developing Reputation
A later post by the threat actor grep alleged a further Dell data breach that would expose internal data. This second breach, it said, comprised a total of 3.5GB of uncompressed data that includes Jira files and scheme migration.
It’s not the first time that grep’s misdemeanors have been in the spotlight this month. It made claims back on 9th September that it had taken advantage of a significant data breach at Capgemini.
The post on BreachForums said that it had got its hands on 20GB of “Database, Source code, Private Keys, Credentials, API Keys, Projects, Employees data, Threat Reports, T-Mobile’s Virtual Machines logs, Documents and many more”.
Just like the Dell breach, it again made a sample of the exposed data available for free on the post.
The Year in Data Breaches
Data breaches are nothing new, with computer hacking dating back to the 1970s. But 2024 has seen more than its fair share of major companies falling foul of malicious actors breaching their cyber defenses.
Perhaps the most notable breach so far this year was the one perpetrated by the notorious ShinyHunters that obtained and leaked 440,000 tickets to concerts that included Taylor Swift’s Eras Tour. It placed an $8 million ransom on the tickets, with Ticketmaster the victim.
But that was far from the highest value or widest reaching hack. The now infamous Snowflake hack saw the cloud storage company targeted, with the details of 30 million bank accounts and 28 million credit cards compromised.
DNA testing company 23andMe agreed to pay out $30 million in compensation to victims of a breach of the company’s database, while U-Haul was forced to stump up $5 million.
And it was also revealed this weekend that UK department store Harvey Nichols had had sensitive customer data exposed.
