According to TechCrunch, a leading European privacy watchdog is investigating after recent breaches of Dell customers’ personal information.
Ireland’s Data Protection Commission (DPC) deputy commissioner Graham Doyle confirmed to TechCrunch that the DPC has received a “breach notification in this matter” — referring to Dell — which is “currently under evaluation.” Asked to elaborate, Doyle declined to comment further.
An unnamed Dell spokesperson also confirmed that the tech giant has “notified regulators and will continue to work with them as appropriate,” when contacted by TechCrunch for comment.
Last week, Dell notified customers via email that it had suffered a data breach. The theft, the company wrote, included customer names, physical addresses and Dell order information. Some of the stolen data included personal information of Dell customers in the European Union. Despite the theft of customers’ physical addresses, Dell told customers it believes “there is no significant risk to our customers given the type of information involved.”
On Tuesday, TechCrunch exclusively reported that the same threat actor that claimed the data breach last week had obtained more customer data from a different Dell portal. Data from this second breach includes Dell customer names, phone numbers and email addresses, according to the threat actor, as well as a review of a sample of the data removed by TechCrunch.
In both cases, the threat actor – who goes by the name Menelik – said he was able to find flaws in two different Dell portals and delete customer data.
In recent years, Ireland’s data protection watchdog has been the most active privacy regulator in Europe, given that many major technology companies have their European headquarters in Ireland, including Dell. The DPC has enforced the EU-wide data protection and privacy regulation, known as GDPR, against several companies, including TikTok, which was fined $379 million for mishandling children’s data, and Meta, which was fined $1.3 billion for violation of regulations regarding the transfer of user personal data to the United States.
Companies can be fined up to 4% of their annual global turnover for GDPR violations.
Contact us
Do you know more about this dell hack? Or similar data breaches? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email. You can also contact TechCrunch via SecureDrop.
