Connect with us


The Irish privacy watchdog confirms the investigation into Dell data leaks




In this photo illustration, a woman's silhouette holds a smartphone with the Dell logo in the background. (Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)

A leading European privacy watchdog is investigating recent breaches of Dell customers’ personal data, JS has learned.

Ireland’s Data Protection Commission (DPC) Deputy Commissioner Graham Doyle confirmed to JS that the DPC has received “a breach notification regarding this matter” – referring to Dell – which is “currently under review”. Asked for further explanation, Doyle declined to comment further.

An unnamed Dell spokesperson also confirmed that the tech giant “has notified regulators and will continue to work with them as necessary” when contacted by JS for comment.

Last week, Dell warned customers via email that there had been a data breach. The theft, the company said, included customer names, physical addresses and Dell order information. Some of the stolen data contained personal information of Dell customers in the European Union. Despite the theft of customers’ physical addresses, Dell told customers it believed “there is no significant risk to our customers given the type of information involved.”

On Tuesday, JS exclusively reported that the same threat actor who claimed last week’s data breach had pulled more customer data from another Dell portal. The data from this second breach includes Dell customer names, phone numbers and email addresses, according to the threat actor, as well as a review of a sample of the collected data seen by JS.

In both cases, the threat actor – who goes by Menelik – said he was able to find flaws in two different Dell portals and collect customer data.

In recent years, Ireland’s data protection watchdog has been the most active privacy regulator in Europe, as many major tech companies have their European headquarters in Ireland, including Dell. The DPC has enforced the pan-EU data protection and privacy regulations known as GDPR against several companies, including TikTok, which was fined $379 million for mishandling children’s data, and Meta, which was fined of $1.3 billion for violating regulations on transferring user data. personal data to the United States.

Companies can be fined up to 4% of their annual global turnover for violating the GDPR.

Contact us

Do you know more about this Dell hack? Or similar data breaches? From a non-work device, you can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You can also contact JS via SecureDrop.