Computer manufacturing giant Dell is investigating allegations that its infrastructure was breached and confidential data belonging to thousands of employees was stolen.
Late last week, a threat actor with the alias “grep” posted a new thread on the infamous dark web forum BreachForums. In it, he offered for sale a large Dell database that allegedly contained sensitive employee information.
“In September 2024, Dell suffered a small data breach that exposed internal employee data,” the thread reads. “Over 10,800 Dell and partner employees were affected. Compromised data: Employee ID, Employee Full Name, Employee Status, Employee Internal ID.”
No news from Capgemini yet
If the database turns out to be legitimate, this could be a big problem for Dell, as the information can be used for identity theft and phishing, potentially further compromising Dell. Criminals could pose as company employees to communicate with other workers and get them to reveal secrets, grant access to restricted areas of the infrastructure, or even deploy ransomware.
To make matters worse, the database is fairly easily obtainable. A small sample has been made available for free, and the full database can be purchased for 1 BreachForums credit (approximately $0.30).
Now, Dell said Computer beeping which is investigating the allegations of infringement.
“We are aware of the allegations and our security team is currently investigating,” the company told the publication.
Earlier this month, grep claimed to have breached the security of French technology and consulting giant Capgemini. They said they obtained 20GB of sensitive data including databases, source code, private keys, credentials, API keys, projects, employee data (including names, email addresses, usernames, and password hashes). The file also contains backups and internal configuration details of Capgemini clients for cloud infrastructure.
The scammer even shared purported T-Mobile virtual machine logs. But a T-Mobile US representative denied the claim, saying the data does not belong to that company. “This is not T-Mobile US,” we were told. “From what we know, we believe it may be a T-Mobile brand outside of the US.”
Through Computer beeping