On Nov. 28, the technology manufacturer Dell announced in a news statement that they might have experienced a data breach. The statement noted that the suspicious activity on the network was first noticed on Nov. 9. The company noticed specifically that they noticed threat actors trying to access customer data like names, addresses, and hashed passwords. After this revelation, the company brought in third-party investigators and also law enforcement to try and control the situation.
According to Dell, they acknowledge that there is a possibility that the data was accessed and stolen, but insist that their investigation turned up no conclusive evidence that proved this occurred. To err on the side of caution, Dell reset all passwords for its customers in hopes that any potential access gained by the hackers would be cut-off.
In the same news statement, there is a section dedicated to FAQs that Dell customers may have regarding the incident. Some information, quoted below, indicates gives fairly general information, but nevertheless may be helpful for customers who may have been impacted by the Dell network breach:
In this age of highly sophisticated information security threats, Dell is committed to doing all it can to protect customers’ information... this includes encouraging customers to change passwords for other accounts if they use the same password for their Dell.com account... credit card and other sensitive customer information was not targeted... the incident did not impact any Dell products or services.
One has to wonder how the attackers even gained access to the Dell network in the first place. It does cause some concern as an InfoSec professional that Dell is keeping tight-lipped on the actual breach cause, even when directly asked by cybersecurity research blogs like Threatpost. By not reaching out to the larger cybersecurity community, Dell is hurting themselves as we could be potentially a great resource to create a better defensive security model. Perhaps in the future, we will see more cooperation, but it is unlikely.
Dell customers should read the statement in full, and also check the FAQ section to see what can be done to protect their data.
Featured image: Dell