Dell’s Triple Breach, a Critical Wake-Up Call for Cybersecurity
Fool me once, shame on you; fool me twice, shame on me. Fool me thrice, shame on both of us.
That’s Dell Technologies Founder and CEO Michael Dell, probably, if reports are true that Dell Technologies was breached not once, not twice, but thrice in the first nine months of 2024—including back-to-back attacks this September alone.
Wake Me Up When September Ends . . .
The First September Breach
The first September breach supposedly occurred sometime before 19 September, when a threat actor gained access to a Dell employee database. The supposed breach came to light when a threat actor using the name “grep” posted in the notorious dark web forum BreachForums, a new thread selling a large Dell database supposedly containing sensitive employee information.
“In September 2024, Dell suffered a minor data breach that exposed internal employees’ data,” said the thread. “Affected over 10,800 employees belonging to Dell and their partners. Compromised data: Employee ID, employee full name, employee status, employee internal ID.”
Dell confirmed the breach to Bleeping Computer, telling the publication that its “security team is currently investigating.”
The Second September Breach
Dell’s security team is probably having sleepless nights these days because the same threat actor, grep, claimed a second successful breach just a few days after the initial employee database breach was made public. This time, grep and his minions—including a certain “Chucky”—allegedly compromised Dell’s Atlassian software suite, getting unauthorised access to 3.5GB of uncompressed data that include Jira files, database tables, and schema migrations.
“Compromised data: Jira’s files, DB tables, schema migration, etc., totalling 3.5GB uncompressed. This time, it was breached by Chucky. Before Dell made any claims, we both compromised your Atlassian and accessed Jenkins, Confluence, etc. GDPR said time is ticking, by the way, xD,” claimed grep in a separate thread on BreachForums.
These data breaches, according to Keeper Security Cybersecurity Expert Anne Cutler, “is a painful blow to the organisation that’s already dealing with the fallout of an incident that affected 49 million customers earlier this year.”
The May Attack at Dell: Exposing 49 Million Customers
The incident Cutler is alluding to a confirmed breach in May 2024, where personal data—name, physical address, and Dell hardware and order information—of some 49 million Dell customers was stolen by a different threat actor. In response, Dell warned its customers of the data breach through data breach notifications sent via email, which also stated that the breach occurred in a Dell portal containing customer information related to purchases.
“The disclosure of this information is a clear violation of both customer and employee privacy and trust. These breaches underscore the persistent and evolving threats to digital security, and why everyone must take concrete, proactive steps to safeguard their own sensitive information,” Cutler pointed out.
To that end, the cybersecurity expert reminded impacted employees and customers to do the following:
- Change the password and passcode for any Dell-related accounts immediately. A password manager can generate strong and unique passwords for every account.
- Enable Multi-Factor Authentication (MFA) to add an extra layer of security that makes it more difficult for cybercriminals to access your accounts.
- Watch for signs of phishing attempts including unsolicited texts and emails that include suspicious files or links and urgent language.
- Sign up for a dark web monitoring service like BreachWatch® so you can be notified immediately if your information has been compromised.
Everyone Is a Target Nowadays: Why Cybersecurity Must Be a Priority
Bigger picture, Cutler says the breaches at Dell are a reminder that cybersecurity must be a top-of-mind concern of every organisation because everyone is a potential target. And as these breaches prove undeniably, everyone can be attacked—small players and tech giants alike.
“This spate of breaches is a wake-up call for all organisations to reevaluate their cybersecurity strategies, emphasising proactive measures over-reactive responses,” Cutler emphasised. “As cyber threats evolve, organisations must prioritise protecting both customer and employee data. Cybersecurity technologies protecting these environments must cover every user, on every device, from every location.”
Cutler particularly zoned in on the need to implement zero-trust security to protect the human element, which she describes as “the most error-prone element of the attack chain.”
“Organisations should focus on implementing zero-trust security architecture and a policy of least access to prevent unauthorised privilege escalation and ensure strict enforcement of user access roles,” Cutler noted. “A Privileged Access Management (PAM) platform is essential for managing and securing privileged credentials, ensuring least privilege access and preventing lateral movement in the event of a breach.”
But the threat landscape is only growing more prolific, more sophisticated, and more brazen, and Dell Technologies found that out the hard way—thrice this year alone. Because of this, organisations will need to fortify their cybersecurity even more, covering as many bases as possible to shut off any and all attack vectors. This is where solutions like robust threat intelligence, continuous monitoring, and rapid incident response are critical, according to Cutler, who also recommends that companies should have security event monitoring to detect and analyse privilege escalations and detect and block anomalous behaviour.
Dell Won’t Be the Last
Breaching Dell Technologies, of course, is like slaying a giant and is a feather in the cap of hackers like grep and Chucky. It is also a stark reminder that today’s threat actors are so good that they can tear down the defences of even a billion-dollar company—and this is why attacks like these will be a fixture in the days and months ahead.
Now, the proverbial ball is in the good guys’ court so to speak, and it is up to businesses big and small to fight back by building up a proper and powerful defence.
Otherwise, threat actors will be fooling more of these companies.