Dell: Your Personal Info May, or May Not, Have Been Stolen


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW
Operational Security
Dell: Your Personal Info May, or May Not, Have Been Stolen Scott Ferguson, Managing Editor, Light Reading, 11/29/2018 Email This Print Comment 20 comments Login 50% 50% Dell is investigating whether attackers managed to steal customer data after an unknown person or group penetrated the company's network, including the consumer-facing Dell.com site. On November 28, Dell issued a statement that it security team was investigating a possible attack against the company's network. It appears names, email address and hashed passwords were compromised, but it's unclear if any of that information was removed. However, attackers did not gain access to payment information, such as credit card numbers and other sensitive data. The company's other sites, including EMC and other enterprise divisions, were also not affected. The security breach happened on November 9. (Source: Wikipedia) Since then, Dell conducted a forensic security audit of the breach and its site, and while the vendor does not believe any data was compromised, it can't guarantee that. "Though it is possible some of this information was removed from Dell's network, our investigations found no conclusive evidence that any was extracted," according to a statement. As a precaution, however, Dell plans to have all Dell.com customers reset their passwords and will hash those passwords as well. The company also is working with law enforcement to investigate the potential breach. In addition Dell established a website for affected customers. What makes this particular breach of concern is that Dell is one of the world's largest suppliers of consumer and enterprise technology, and yet attackers could compromise the network -- whether or not any personal data was stolen. Of course (and sadly), Dell is not the only enterprise facing these types of questions. In the past two months, Facebook and Google have each been forced to respond to network breaches that exposed user information and data. In the case of Facebook, it does appear some data was taken. (See Facebook Revises Data Breach Number Down to 30M Users.) Additionally, companies like British Airways now offer more information about various data breaches and attacks in order to comply with new laws and regulations. In this case, the airline might be one of the first large-scale tests of the European Union's General Data Protection Regulation (GDPR). (See British Airways Already Facing Lawsuits Following Data Breach.) Related posts: Ransomware, New Privacy Laws Are Top Security Concerns for 2019 UK & Dutch Authorities Slap Uber With Fines Over 2016 Data Breach HSBC Data Breach Shows Failure to Protect Passwords & Access Controls Your People Can't Secure Your Network? Try Tier 0 Automation — Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR. comments		More from News Analysis Spam Emails Bring Bomb Threats to US Businesses, Schools On Thursday, US businesses and schools began receiving a number of bomb threats that demanded Bitcoin as ransom. All these seem related to a series of spam emails. China Suspected of Massive Marriott Data Breach – Report A New York Times report finds that investigators believe China-backed attackers pulled off the massive data breach at Marriott, exposing the records of 500 million guests. It's a continuation of the tensions between China and the US. 'Operation Sharpshooter': Lazarus Revived or False Flag Operation? McAfee Labs has homed in on a new attack targeting critical infrastructure that they call 'Operation Sharpshooter.' However, while there is technical overlap with the Lazarus Group, there's also the possibility of a false flag operation. Supermicro: Report Clears Company of Hacking Allegations Following a Bloomberg report that found hackers implanted specialized chips in its motherboards, Supermicro claims an audit has cleared the company of wrongdoing. New Google+ Bug Affects 52M Users, Accelerating Site's Demise While the latest disclosure does not seem to have leaked any data, it accelerates Google+'s demise. More from News Analysis Information Resources • Security Now Special Report - IoT Security: Securing the Network & Protecting the Consumer • SD-WAN Adoption Is Accelerating to Reduce Security Risk: A Global Survey of Network Professionals • Futuriom SD-WAN Growth Report 2018 • Versa Networks Enterprise Solution Brief • Protect Your Branch Office Network from Cyber-Criminals • Top 10 Ransomware • Next Generation Firewall Test Report – NSS Labs • ESG Lab Review - SD-WAN Integration with Amazon Web Services – Versa Networks • Security Now Special Report: Endpoint Ecosystems – Collaborating to Conquer Security Threats • You Cannot Secure What You Cannot See: How to make your hybrid cloud environment visible and secure All resources upcoming Webinars ARCHIVED 12 Ways to Defeat Two-Factor Authentication Tuesday, December 11, 2018 12:00 p.m. New York / 5:00 p.m. London More Webinars Webinar Archives Analysts Corner Ovum Resources • Ovum 2018 Trends to Watch: IT & Cybersecurity • Ovum IoT Security: Technology Strategies & Vendor Profiles • Ovum 2018 Trends to Watch: Managed Security Services • Ovum's Mini-Guide to GDPR Analysts Corner archive Flash Poll All polls Video In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ... CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ... You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ... Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ... Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ... All Videos Sponsored Video Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ... Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ... This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video All Videos Radio Shows ARCHIVED \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning An interview with Steve Grobman, CTO of McAfee ARCHIVED SHOWS DOWNLOAD TO CALENDAR Twitter Feed Tweets by Security_Now_ like us on facebook