‘Currently investigating’ | Over 10,000 Dell employees at risk after reported data breach

Dell is investigating reports that it has suffered a data breach including sensitive data on over 10,000 employees.

Last week, a thread on ‘BreachForums,’ a dark web forum, was posted by ‘grep,’ an individual claiming to have procured a large database from Dell.

“In September 2024 Dell suffered a minor data breach that exposed internal employees data,” the post began.

But the ‘minor’ breach, according to the post, allegedly included sensitive data of “over 10 800 employees belonging to Dell and their partners.”

The threat actor claimed that the sensitive data included “Employee ID, Employee full name, Employee status, Employee internal ID.”

What could the reported data breach mean for Dell & employees?

Dell, speaking to BleepingComputer, said that it is already looking into the alleged breach. “We are aware of the claims and our security team is currently investigating,” a company spokesperson stated.

If the breach contains the data on Dell employees that ‘grep’ claims it does, it poses a significant risk to the computer manufacturer.

While it appears the dataset itself does not include personal information such as email or physical addresses, phone numbers, or social security numbers, the data it does contain, if legitimate, could be used for identity theft and phishing.

With access to employee names and IDs, threat actors may be able to impersonate employees, making it particularly challenging for Dell staff to know whether they are communicating with a genuine colleague or an impostor.

This would open Dell up to the risk of anything from financial fraud and access to proprietary company information, to further data breaches that could include sensitive employee information.

Moreover, with the alleged Dell dataset on sale for around $0.30 – and ‘grep’ even offering a free sample – cost has not been a barrier to other threat actors gaining access to the database.

HR’s role in employee security

Phishing and security breaches are an increasingly major concern for businesses because of the threat they pose to employees and the company alike. According to The State of Phishing 2024, a report by SlashNext, there has been an 856% increase in malicious email and messaging threats over the previous 12 months, and a 4151% surge in malicious phishing messages since the launch of ChatGPT in November 2022.

With such a high threat of security breaches such as those possibly faced by Dell, some employers and HR leaders are proactively taking steps to educate and establish best practices among employees.

Taylor Bradley, Head of HRBPs, L&D, and Compensation at Turing, and a member of CNBC's Workforce, spoke to HR Grapevine earlier in 2024 on the importance of contextual training for the specific risks posed in each workplace.

“Your training program should be customized to address your company's specific threat matrix, focusing on raising awareness of the most probable use case,” he explained. “Engage in regular one-on-one discussions with your Heads of InfoSec, recognizing that the human element is often the weakest link exploited by bad actors.”

Bradley also recommended building a culture of learning and transparency in cases where employees fall victim to phishing scams.

“With your legal counsel's approval, anonymize and share instances of real or prevented security breaches to facilitate organizational learning,” he suggested. “Maintain a realistic outlook on the existence of these threats and collaborate with experts within your organization to effectively mitigate them.”
