Irish privacy watchdog confirms investigation into Dell data breach

A leading European privacy watchdog is investigating following recent breaches of Dell customers’ personal information, TechCrunch has learned.

Deputy Commissioner of the Irish Data Protection Commission (DPC), Graham Doyle, confirmed to TechCrunch that the DPC had received “a breach notification in relation to this matter” – referring to Dell – which is “currently being investigated”. assessment “. Asked to elaborate, Doyle declined to comment further.

An anonymous Dell spokesperson also confirmed that the tech giant “has informed regulators and will continue to work with them as appropriate,” when contacted by TechCrunch for comment.

Last week, Dell alerted customers via email that it had been the victim of a data breach. The theft, the company wrote, involved customer names, physical addresses and Dell order information. Some of the stolen data included personal information about Dell customers in the European Union. Despite the theft of customers’ physical addresses, Dell told customers it believed “there was no significant risk to our customers given the type of information involved.”

On Tuesday, TechCrunch exclusively reported that the same threat actor who claimed last week’s data breach had scraped more customer data from another Dell portal. Data from this second breach includes names, phone numbers and email addresses of Dell customers, according to the threat actor, as well as a review of a sample of the recovered data seen by TechCrunch.

In both cases, the threat actor – called Menelik – claimed to have managed to find flaws in two different Dell portals and scrape customer data.

In recent years, Ireland’s data protection watchdog has been the most active privacy regulator in Europe, given that many major technology companies have their European headquarters in Ireland, including Dell. The DPC has enforced the pan-European data protection and privacy regulation, known as GDPR, against several companies, including TikTok, which was fined $379 million for mishandling user data. children, and Meta, which was fined $1.3 billion for violating user transfer regulations. personal data to the United States.

Companies can be fined up to 4% of their global annual turnover for GDPR violations.

Contact us

Do you know more about this Dell hack? Or similar data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.