Dell is warning customers that their names, physical addresses and some order information may have been accessed in a recent cybersecurity incident.
A threat actor known as Menelik made a post on the cybercrime site BreachForums on April 28 claiming to have access to 49 million customer records from Dell, according to a screenshot published by Malwarebytes.
Around Wednesday this week, customers began reporting on social media that they received an email from Dell warning their name, address and order information, including information on Dell hardware, may have been compromised.
These details could be leveraged as a means to obtain further personal details leading to identity theft and fraud, according to Trend Micro.
Criminals can conduct specific address-related scams, such as making an unauthorized change of address or posting a fake rental ad under your name, according to Bitdefender.
Dell's blog post on avoiding phone scams, first published in 2018, warns that fraudsters impersonating Dell technical support staff may solicit personal information, payment and remote system access.
The post advises customers to never disclose information or give remote access to these unsolicited callers, even if they have specific information about one's system, and that Dell never asks for gift cards or for funds to be wired as payment.
Dell declined to confirm to SC Media the validity of the Breach Forums posting, although TechCrunch reported Friday morning that some of the data provided by Menelik matched the real information of Dell customers.
The threat actor claimed he continued this process for three weeks without being detected.
This Cyber News was published on packetstormsecurity.com. Publication date: Mon, 13 May 2024 17:43:04 +0000