Hackers claim fresh Dell data breach just days after the company confirms probe into employee info leak
Hackers are claiming that they’ve carried out a second hack on Dell within a week, accessing internal files by compromising the company’s Atlassian account.
According to reporting from Hackread, data allegedly leaked in the breach is believed to include information from Jira, Jenkins, and Confluence, including data associated with Jira files, database tables, and schema migrations.
It amounts to 3.5GB of uncompressed data, and may contain information about Dell’s internal infrastructure, including system configurations, user credentials, security vulnerabilities, and development processes.
This second breach was carried out alongside a second hacker, named ‘Chucky’, according to ‘grep’, the threat actor behind the original attack.
Dell is already investigating a data breach that took place on 19 September, and that’s believed to have involved the leak of the data of more than 1,000 employees.
Last week, ‘grep’ revealed the breach after posting on the dark web forum BreachForums, offering a large Dell database for sale.
“In September 2024 Dell suffered a minor data breach that exposed internal employees data,” read the post.
“Were affected over 10 800 employees belonging to Dell and their partners. Compromised data: Employee ID, Employee full name, Employee status, Employee internal ID.”
Dell confirmed to another publication that it’s aware of the claims and that its security team is currently investigating the incident.
Dell data breach shines more light on data security
Erfan Shadabi, cybersecurity expert at comforte AG, said the latest incident at Dell is a serious cause for concern and highlights the importance of robust data security practices.
“This data breach on Dell demonstrates just how important it is for every organization to rethink data security. Dell must now assess just how much sensitive information has been released,” Shadabi commented.
“Hopefully, they can navigate this situation effectively with minimal damage..
“The distressing fact is that ordinary individuals and users invariably find themselves at the mercy of organizations failing to fortify their data against potential breaches. The fallout from such incidents can range from identity theft to financial losses, leaving users vulnerable to a myriad of cyber threats.”
Grep appears to have been busy of late. Earlier this month, they claimed to have stolen 20GB of sensitive data from French tech and consulting firm Capgemini.
The data was said to include databases, source code, private keys, credentials, API keys, projects, and employee data such as names, email addresses, usernames, and password hashes.
Dell is yet to comment on this second breach. ITPro will update this article if and when the company confirms.
Source link