Dell Technologies has allegedly suffered two data breaches since Thursday amounting to a breach of over 3.5GB of data belonging to at least 10,000 company employees.
A hacker using the alias “grep” had claimed the first breach by posting a sample of the stolen dataset on BreachForums for free, offering a full release in exchange for 1 BreachForums credit, approximately amounting to $0.30.
“In September 2024 Dell suffered a minor data breach that exposed internal employees data,” grep said in a September 19 post. “Were affected over 10800 employees belonging Dell and their partners.”
The dataset has sensitive information belonging to these employees, including Employee ID, Employee full name, Employee status, and Employee internal ID, Grep added in the post.
Two attacks within a week
Days after, Grep posted about a second “significant” breach concerning 3.5 GB stolen data from Dell, this time claiming the breach in collaboration with a fellow hacker “Chucky”. Grep had called the previous attack “minor”.
“With over 10,000 employee records reportedly exposed, including names, employee IDs, and internal identifiers, this incident highlights the potential vulnerabilities in even well-established tech companies,” said Stephen Kowski, field chief technology officer at Pleasanton. “While Dell has not yet confirmed the breach, the leaked information could be leveraged by threat actors for targeted phishing attempts or social engineering attacks, particularly given recent trends in cybercriminal tactics.”
Dell has reportedly acknowledged the first incident to media channels, saying the “security team is actively investigating the situation”. However, Dell hasn’t issued a public statement about either of the incidents. To this, in the second post on September 22, grep teased, “GDPR said time is ticking by the way.”
The hacker said they were able to access sensitive internal files from Dell owing to compromised Atlassian tools. “Compromised data: Jira’s files, DB’s table, Schema migration etc, totaling 3.5GB uncompressed,” said grep in the second post. “This time it was breached by Chucky, before Dell makes any claims, we both compromised your Atlassian and accessed Jenkins, Confluence etc.”
The revealed hack details, grep added, should facilitate the investigation.
“grep” on the rise
Hacker “grep” has been involved in several cyberattacks over the past two years, most aligning with the actions of Anonymous, a decentralized collective known for its cyber-attacks against governments and corporations. The alias “grep” is inspired by the Unix command “grep,” which is used to search through files or streams of text for specific patterns.
While it is difficult to track their exact origin, grep’s prominence could be traced to early 2022, mostly for their hacktivism efforts in the Russia-Ukraine conflict. The most recent of grep’s hacks was the CapGemini data breach from September 9 that compromised 20GB of data consisting of source code, credentials, private and API keys, and employee data.
Dell’s running a tough security year, having already suffered an extensive breach in May that exposed data belonging to 49 million customers. It remains to be seen how the company will react to the allegations of what seems to be an ongoing incident. Email queries sent to Dell did not elicit a response at the time of publishing this story.