IT giant Dell Technologies has confirmed a security breach after a threat actor leaked extensive infrastructure data.
On Monday, July 21, 2025, World Leaks, formerly Hunters International ransomware gang, claimed to have breached the company and leaked 1.3 terabytes of data on its leak site for free download.
It remains unclear if the threat actor had attempted to extort the company by demanding a ransom before releasing over 400,000 files.
Dell confirms security breach
Dell has confirmed a security breach, which it claims affected its Customer Solutions Center, a platform for testing and showcasing its products to business clients.
However, the platform is isolated from its customer and business core systems, suggesting that the security breach was isolated. Details leaked include automation scripts, browser profiles, log files, backups, system data, software packages, and more.
While the threat actor claims the information is valuable, Dell disputes that allegation, stating that the leaked data was primarily synthetic, related to internal scripts or testing outputs, or publicly available information used for product testing.
Nonetheless, the security breach highlights the importance of isolating and securing testing environments to avoid leaking sensitive information.
“A breach is a breach is a breach,” asserted Tj McClearin, CEO at Xcape. “I think it’s very hard for Dell to say unequivocally that the data is largely fake, I know from my own experience dealing with different solutions implementation services that a lot of times a vendor will ask for test data and what they end up getting is real data, simply because it’s easier to provide real data under an NDA rather than make up data to be used that’s not grounded in the real world example of how these systems are to be used.”
McClearin added that, although paying a ransom was not an option, it was irresponsible to sweep the security breach under the rug to save face.
“Every end point is an attack surface and should be treated with the same respect and efficacy as any other sensitive system,” he said.
Meanwhile, the threat actor has not disclosed when or how they breached Dell, and the company is still investigating the security breach and has not released more details.
Nevertheless, Dell has suffered serious data breaches in the past, impacting millions of people. In May 2024, the technology giant confirmed a data breach that leaked the personal information of 49 million individuals.
That data breach leaked the name, physical address, and hardware and order information, including service tag, order date, and warranty information for purchases made between 2017 and 2024. That information exposed victims to various cyber risks, including tech support scams.
Ransomware gang rebranded to World Leaks
Earlier this year, the Hunters International ransomware gang rebranded to World Leaks and adopted pure data exfiltration attacks instead of encryption. The change in tactics stemmed from ransomware becoming less lucrative while also becoming extremely risky for the threat actors and technically complicated. Before rebranding, Hunters had claimed over 200 attacks, including 55 confirmed cyber incidents.
Operating as World Leaks, the hacking group has so far claimed responsibility for 49 breaches, including those of Chain IQ and Freedom Healthcare. The group was also observed exploiting vulnerable SonicWall SMA 100 devices, suggesting that it does not solely focus on data theft.
Its predecessor, the Hunters International ransomware gang, specifically targeted healthcare organizations, manufacturers, and government organizations.
Confirmed data breaches attributed to the Hunters include the 2023 Fred Hutchinson Cancer Centre hack, which affected 1,840,927 people, and the 2024 Omni Family Health breach, which affected 468,344 individuals.
Surprisingly, Hunters International has offered free decryption keys to victimized companies that refused to pay ransom.
While seemingly altruistic, the gesture was likely symbolic, as the victims had probably already restored their systems and were unlikely to pay. Moreover, the group has a notorious history of launching reprehensible ransomware attacks, including those targeting cancer facilities.
Hunters International itself was a rebrand of the prolific Hive ransomware gang that was taken down in a coordinated global law enforcement action, having extorted over $100 million from its victims.
