close
close

Dell is investigating portal security incident and says there is no “significant risk” to customers

“After identifying the incident, we immediately implemented our incident response procedures, began investigating, took action to contain the incident and notified law enforcement,” Dell said in an email to customers. “We have also retained an outside forensics firm to investigate this incident.”


Dell Technologies is investigating a security incident involving a portal that contains a database containing limited types of customer information related to Dell purchases.

According to an email from Dell to customers obtained by CRN, the incident does not pose a “significant risk” to customers.

“After identifying the incident, we immediately implemented our incident response procedures, began investigating, took action to contain the incident, and notified law enforcement,” Dell said in the email. “We have also engaged an external forensic firm to investigate this incident. We will continue to monitor the situation.”

CRN reached out to Dell but had not received a response as of press time.

Dell said only limited types of customer information were “accessed,” including name; physical address; Dell hardware and ordering information, including service tag; item description; Order date and related warranty information.”

(RELATED: Ascension data breach: Health system says clinical operations disrupted)

Dell said the information in question “does not include financial or payment information, email addresses, phone numbers or other highly sensitive customer information.”

However, Dell noted that while there is no significant risk given the limited information involved, the company advised customers to follow tips to avoid tech support phone scams. Additionally, the company advised its customers to report “suspicious activity” related to their Dell accounts or purchases to Dell security.

An MSP contacted by a federally regulated Dell customer who received Dell’s email said the incident is another sign that solution providers need to double their security efforts across all their customers.

“If you’re a Dell enterprise customer, you’re probably getting a call from your account manager,” said the MSP executive, who wished to remain anonymous. “This is another example of the importance of safety. Nobody is immune. Everyone has to be on guard. There are no more links. You can’t take your customer and partner relationships for granted and hope that their security is as robust as you need it to be. You must take steps yourself to ensure your actions meet your business needs and protect your data.”

A chief information security officer (CISO) at a Solution Provider 500 company, who did not want to be identified, said he would not be surprised if the customer information leaked onto the dark web and was used in the future.

“Now that an incident response company has been engaged, it will be interesting to learn whether the issue spread to other systems or whether it was actually limited to the environment and information described in the letter.”