
Dell Suffers a Second Security Incident Hot on the Heels of an Employee Data Breach Impacting 10,000

Dell has launched an employee data breach investigation after a threat actor identified as “Grep” leaked the company’s stolen information on the dark web marketplace BreachForums.

“In September 2024 Dell suffered a minor data breach that exposed internal employees’ data,” the hacker stated.

The threat actor has made a small sample available for free download, but charges 1 BreachForums credit, equivalent to $0.30, for the entire database.

Dell confirms employee data breach

Dell confirmed it was aware of the alleged employee data breach, adding that it had tasked its internal security team to investigate.

However, the computer manufacturer has provided no additional information regarding the employee data leak, including the number of victims affected or the nature of the stolen information.

Nevertheless, the threat actor claims the Dell employee data breach impacted over 10,000 people and leaked their personal and employment identifiers.

“Were affected over 10,800 employees belonging to Dell and their partners. Compromised data: Employee ID, Employee full name, Employee status, Employee internal ID,” claimed the threat actor.

Seemingly, the Dell security incident did not expose employees’ email addresses and phone numbers, details that could make the victims directly targetable.

The Dell data breach demonstrates that even larger organizations are not immune to data breaches, underscoring the need for proactive monitoring to detect and mitigate cybersecurity incidents in a timely manner.

“The alleged Dell data breach serves as a stark reminder of the ongoing cybersecurity challenges faced by large corporations,” said Stephen Kowski, Field CTO at SlashNext. “With over 10,000 employee records reportedly exposed, including names, employee IDs, and internal identifiers, this incident highlights the potential vulnerabilities in even well-established tech companies.”

While the alleged “minor data breach” will certainly have limited impacts, Dell is no stranger to significant data leaks.

In mid-2024, Dell suffered another data breach that leaked the customer data of 49 million individuals, including names, physical addresses, item descriptions, service tags, and order information, putting customers at risk of tech support scams.

The threat actor behind the Dell customer order data leak abused the company’s unsecured API to scrape personal information while posing as a legitimate company.

At the time, Dell said it took additional steps to protect impacted customers, but downplayed the data breach, claiming it posed no significant risk to its customers “given the type of information involved.”

Possible second data breach

Dell also faces a possible second data breach affecting Jira, Jenkins, and Confluence infrastructure after a hacker breached the company’s Atlassian account.

The second data breach allegedly leaked 3.5 GB of the company’s sensitive internal infrastructure information such as database tables, schema plans, system configuration files, user credentials, security vulnerabilities, and product development processes.

Exposing this information puts the company at risk of potential cyber attacks, including ransomware deployment, zero-day attacks, and supply chain exploits.

“Dell’s recent security breach—its second within a week—highlights a growing concern in the industry: the increasing risk from SaaS applications,” said Ariel Parnes, COO & Co-Founder of Mitiga. “As more companies rely on tools like Atlassian’s Jira and Confluence, they become the “soft underbelly” of the digital ecosystem, creating weak points that hackers exploit.”

Meanwhile, threat actor Grep has taken credit for other data breaches including the alleged Capgemini cyber intrusion, which leaked 20 GB of sensitive information including the French consulting giant’s employee data, security keys, tokens, usernames, passwords, and source code.

Grep also claimed to have breached T-Mobile and leaked virtual machine logs, a claim the US operation denied, attributing the security incident to possibly another “T-Mobile brand outside of the US.”