Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Data Leakage

11/29/2018
12:58 PM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Dell: Your Personal Info May, or May Not, Have Been Stolen

It appears attackers attempted to penetrate Dell's network in early November. While the company does not believe any personal data was taken, Dell cannot guarantee no one was compromised.

Dell is investigating whether attackers managed to steal customer data after an unknown person or group penetrated the company's network, including the consumer-facing Dell.com site.

On November 28, Dell issued a statement that it security team was investigating a possible attack against the company's network. It appears names, email address and hashed passwords were compromised, but it's unclear if any of that information was removed.

However, attackers did not gain access to payment information, such as credit card numbers and other sensitive data. The company's other sites, including EMC and other enterprise divisions, were also not affected.

The security breach happened on November 9.

(Source: Wikipedia)\r\n
(Source: Wikipedia)\r\n

Since then, Dell conducted a forensic security audit of the breach and its site, and while the vendor does not believe any data was compromised, it can't guarantee that.

"Though it is possible some of this information was removed from Dell's network, our investigations found no conclusive evidence that any was extracted," according to a statement.

As a precaution, however, Dell plans to have all Dell.com customers reset their passwords and will hash those passwords as well. The company also is working with law enforcement to investigate the potential breach. In addition Dell established a website for affected customers.

What makes this particular breach of concern is that Dell is one of the world's largest suppliers of consumer and enterprise technology, and yet attackers could compromise the network -- whether or not any personal data was stolen.

Of course (and sadly), Dell is not the only enterprise facing these types of questions.

In the past two months, Facebook and Google have each been forced to respond to network breaches that exposed user information and data. In the case of Facebook, it does appear some data was taken. (See Facebook Revises Data Breach Number Down to 30M Users.)

Additionally, companies like British Airways now offer more information about various data breaches and attacks in order to comply with new laws and regulations. In this case, the airline might be one of the first large-scale tests of the European Union's General Data Protection Regulation (GDPR). (See British Airways Already Facing Lawsuits Following Data Breach.)

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...