Dell Employee Data

Summary

Dell Technologies experienced two alleged data breaches within one weekend in September 2024, affecting over 10,800 employees. The first breach on 19 September exposed employee IDs, names, and employment status. A second breach was claimed on 22 September involving compromised Atlassian tools (Jira, Jenkins, Confluence) containing 3.5GB of internal data. Dell confirmed they were investigating the claims.

What Happened

A threat actor named "grep" claimed Dell suffered a data breach in September 2024, exposing internal employee and partner information. The first breach on 19 September compromised data for 10,800 employees including employee IDs, full names, employee status, and internal IDs. Three days later, on 22 September, hackers claimed a second breach exposing sensitive internal files via compromised Atlassian collaboration tools, including Jira files, database tables, and schema migrations totaling 3.5GB uncompressed data.

Impact on Individuals

The breach exposed employee identification information and internal system data. While the breach primarily affects Dell employees globally, Australian Dell employees may be included. Affected individuals should:

• Monitor for phishing emails appearing to come from Dell
• Be alert for targeted social engineering using employment details
• Watch for business email compromise attempts
• Be cautious of scammers impersonating Dell IT or HR departments

The exposure of internal system documentation could also enable further attacks on Dell's infrastructure.

Organisational Response

Dell acknowledged awareness of the breach claims, stating "We are aware of the claims and our security team is currently investigating." This incident came after Dell had already suffered a data breach earlier in 2024 when a company API was abused to steal 49 million customer records. The rapid succession of breaches within one weekend raised concerns about Dell's security posture and incident response capabilities.