13th May 2024:
As you may have seen in the news, Dell advised customers of a Data Incident last week. The official statement from Dell is below, and as stated the potential risk is relatively low. As a precautionary measure, our Cyber Security team recommend that you take the following actions:
- Read and Consider Dell’s advice: tips to help avoid tech support phone scams. If you notice any suspicious activity related to your Dell accounts or purchases, please immediately report concerns to security@dell.com.
Increase Communication
- Advise your Users of the Incident and provide a method for staff to report attempted or successful scams or incidents to your Cyber Security team, who can investigate and take appropriate action.
- Be Wary of Unfamiliar Contact & Phishing attempts: Advise staff to be cautious of any unsolicited emails, phone calls, or texts – especially those mentioning the recent data breach or referencing Dell directly. Scammers may use this event to trick customers into giving away personal information or clicking on malicious links. Phishing emails or calls may try to trick customer staff into revealing personal information or clicking on malicious links that could download malware.
- Verify Contact: Encourage staff to verify the legitimacy of any contact supposedly from Dell. They should never click on links or reply to emails requesting sensitive information. Instead, advise them to log in to their Dell account directly through the Dell website (not through a link in an email or text) to confirm any information or changes. Dell’s official contact information can also be found on their website.
Ensure Best Practise
- Security Updates: Review and schedule any outstanding security updates for your Dell hardware and software. Then run a vulnerability assessment scan post update to ensure there are no significant vulnerabilities present.
- Change Your Dell Portal(s) Passwords & Strong Passwords: Whilst Dell have not indicated that passwords have been compromised, MTI recommend that you consider changing your Dell portal account passwords, using strong, unique passwords as a best practice step.
- Watch Lists: Create enhanced inspection of email and web traffic containing text related to the Dell product set, support scams, and search for email traffic with the content downloaded from your Dell portal instance “order information, including service tag, item description, date of order and related warranty information”. If you have a SIEM solution, configure and tune detection rules for specific strings. Scammers may leverage this information over a long period; for example scammers may time communications for when hardware or maintenance is due for renewal or when a major [security] update is needed for the products in use.
- Monitor Advisories (from Dell and other security sources) to assess impact of additional information disclosed, and any examples of organisations being targeted with scams around this data breach.
Official Dell Statement for information:
We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information related to purchases from Dell. The information types involved are limited to name, physical address, and Dell hardware and order information, including service tag, item description, date of order and related warranty information. We do not believe there is a significant risk to our customers given the types of information involved.
Upon discovering this incident, we promptly implemented our incident response procedures, began investigating, applied containment measures and notified law enforcement. We also engaged a third-party forensics firm to investigate this incident.
We take our responsibility to safeguard information provided by our partners and customers seriously and we continually look for measures to further enhance our security. As such, although we believe the potential risk to our customers is low given the types of information involved, we are taking steps to proactively inform customers whose information was involved where appropriate.
If you have any questions or concerns regarding this incident or for any further advise or guidance please contact your MTI account manager or our 24×7 Security Operations Centre via 01483 520349 or servicedesk@mti.com