Ireland privacy watchdog confirms Dell data breach investigation
A top European privacy watchdog is investigating following the recent breaches of Dell customers' personal information, TechCrunch has learned.
Ireland’s Data Protection Commission (DPC) deputy commissioner Graham Doyle confirmed to TechCrunch that the DPC has received “a breach notification on this matter" — referring to Dell — which is "currently under assessment.” Asked to elaborate, Doyle declined to comment further.
An unnamed Dell spokesperson also confirmed that the technology giant “notified regulators and will continue to work with them as appropriate,” when reached for comment by TechCrunch.
Last week, Dell alerted customers via email that it had experienced a data breach. The theft, the company wrote, included customer names, physical addresses and Dell order information. Some of the stolen data included personal information of Dell customers in the European Union. Despite the theft of customers' physical addresses, Dell told customers that it believed “there is not a significant risk to our customers given the type of information involved.”
On Tuesday, TechCrunch exclusively reported that the same threat actor who claimed last week’s data breach had taken more customer data from a different Dell portal. The data from this second breach includes Dell customer names, phone numbers and email addresses, according to the threat actor, as well as a review of a sample of the scraped data seen by TechCrunch.
In both cases, the threat actor — who goes by Menelik — said he was able to find flaws in two different Dell portals and scrape customer data.
In the last few years, Ireland's data protection watchdog has been the most active privacy regulator in Europe, given that many big tech companies have their European headquarters in Ireland, including Dell. The DPC has enforced the pan-EU data protection and privacy regulation, known as GDPR, against several companies, including TikTok, which was fined $379 million for mishandling children’s data, and Meta, which was fined $1.3 billion for breaching regulations on transferring users’ personal data to the United States.
Companies can be fined up to 4% of their annual global turnover for violations of GDPR.
Contact Us
Do you know more about this Dell hack? Or similar data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.