Dell Data Breach Raises Urgency for Improved Security Measures

Last week, Dell confirmed a data breach that potentially impacted the names and physical addresses of as many as 49 million customers.

The hacker, who goes by the name Menelik, said he accessed the data by “brute forcing” a company portal and setting up several accounts which, once approved, allowed him to scrape Dell’s servers for personal information. 

The incident raises significant questions about how companies can set up safeguards against these kinds of attacks.

Eric Parizo, principal cybersecurity analyst at Omdia, said that while the impact of Dell’s breach could have been worse, the incident still raises concerns regarding customer safety.

“Overall, early information suggests that the impact of the breach is only moderately severe, as the amount of personally identifiable information seems limited,” Parizo said. “That said, there is enough information that could be combined with other publicly available information, as well as past data breaches, to potentially enable adversaries to mount attacks on specific targets,

“It also erodes the trust and confidence customers and partners have in Dell.”

“Broadly, this is yet another example of a company failing to put data security at the forefront of its wider cyber security posture,” said Adam Strange, Omdia’s principal analyst of data security.

Related:Dell Data Breach Impacts 49 Million Customers

Despite increased awareness of the threat of hackers, the recent attacks show even major corporations are at risk, with Dell’s announcement joining a rising tide of similar incidents across organizations spanning sectors including health care, retail and hospitality. 

What Can Companies Do?

Email addresses are a major vulnerability, according to cybersecurity company Surfshark. The company found that since 2004, more than 17 billion email addresses were leaked globally. Since 2004, 3 billion accounts have been breached in the U.S. alone.

Data breaches surged this year, with 435 million accounts compromised in the first quarter of the year, up from 81 million in the fourth quarter of 2023.

"Dell’s data breach reminds us that not even large and well-known companies are immune to cyber incidents,” said Lina Survila, Surfshark spokeswoman. “It's imperative for individuals to prioritize their online safety by using strong passwords, enabling two-factor authentication and staying informed about cyber threats."

Parizo pointed to the need for companies to prioritize application programming interface (API) security, ensuring only certified parties can access and use an API and thereby protecting data transmitted through it. 

Related:City of Wichita Cyberattack Ongoing, Services Remain Down

“This incident underscores the growing importance of API security,” he said. “While easily overlooked, it is trivial for adversaries to quickly assess and exploit any overly permissive AP.”

“Enterprises must ensure API discovery and classification is part of external attack surface management processes and validate that proper security controls are in place.” 

Strange said businesses should first take stock of their data and the potential vulnerabilities it has, before diving into security solutions.

“Organizations are still, to a large degree, looking towards securing the perimeter and then securing APIs and email vulnerabilities etc, without first finding all their data assets, assessing risk to the business and classifying data accordingly,” said Strange. “ Trying to implement a strong security posture without knowing what you are trying to protect opens up organizations to infiltration like this,  

“Start by protecting data at the heart of a cybersecurity posture, then cascade outwards.  This is the data security posture management model, which takes a much more focused, holistic and thorough approach to data security.”