Massive Dell data breach hits 49 million users; what this means for your privacy and security | Fox News

This material may not be published, broadcast, rewritten,
or redistributed. ©2024 FOX News Network, LLC. All rights reserved.
Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by
Factset. Powered and implemented by
FactSet Digital Solutions.
Legal Statement. Mutual Fund and ETF data provided by
Refinitiv Lipper.

Sen. Josh Hawley, R-Mo., joins ‘America’s Newsroom’ to discuss the Republican divide over a potential Foreign Intelligence Surveillance Act renewal and Chinese nationals arrested at the border.

Computer maker Dell faced a huge security challenge after a cyberattack stole information for approximately 49 million customers.

Dell confirmed that the type of information stolen includes people’s names, postal addresses, and Dell hardware and order information, such as service tags, item descriptions, order dates and different warranty information.

Menelik, the threat actor behind the attack, openly told told TechCrunch how he extracted such a huge amount of data from Dell without being detected.

Menelik set up several partner accounts within the Dell company portal which, when approved, allowed the hacker to use a brute-force attack to access customer data. A brute-force attack consists of an attacker submitting many passwords or passphrases hoping to eventually guess correctly.

The hacker sent more than 5,000 requests per minute to the page for nearly three weeks, and Dell did not notice anything. After sending nearly 50 million requests and scraping enough data, Menelik sent multiple emails to Dell, notifying the company of the vulnerability. It took Dell nearly a week to patch it all up, according to the hacker. Dell confirmed to TechCrunch that it received the hacker’s email notification of the vulnerability.

Dell sits as the No. 3 PC vendor in the world behind Lenovo and HP, and the affected accounts represent a small fraction of its user base. The company communicated this statement to affected users:

“We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell. We believe there is not a significant risk to our customers given the type of information involved.”

We reached out to Dell and a representative for the company provided us with this statement:


“Dell Technologies has a cybersecurity program designed to limit risk to our environments, including those used by our customers and partners. Our program includes prompt assessment and response to identified threats and risks. We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information including name, physical address, and certain Dell hardware and order information. It did not include financial or payment information, email address, telephone number or any highly sensitive customer data.

“Upon discovering this incident, we promptly implemented our incident response procedures, applied containment measures, began investigating, and notified law enforcement. Our investigation is supported by external forensic specialists. We continue to monitor the situation and take steps to protect our customers’ information.  Although we don’t believe there is significant risk to our customers given the type of information involved, we are taking proactive steps to notify them as appropriate.”


There’s no immediate aftermath of this data leak. Dell believes the risk to its customers is not significant since financial and payment information, email addresses and phone numbers were not stolen in this attack. However, the risk of phishing or even major malware and ransomware attacks still exists. The threat actors might try sending personalized letters with infected drives, a tactic seen before.


There’s a good chance this data leak has already been sold on the dark web. The hacker posted the information for sale on the dark web and then took it down quickly, which often happens when someone buys the whole database. If you’re a Dell customer who bought hardware between 2017 and 2024, be very careful about any messages you get in the mail claiming to be from Dell, especially if they ask for personal information.


In the wake of the cyberattack on Dell, consider taking several proactive steps to protect your personal information:

1. Change your passwords: Although Dell says your personal details like phone number and email address haven’t been leaked, it’s still advisable to change the password of your Dell account if you have one. Consider using a password manager to generate and store complex passwords.

2. Avoid tech support phone scams: Since the hackers have your data, they may try to get in touch with you, posing as a Dell employee. Always verify if the tech support person you’re talking to actually works for Dell. Be skeptical about all unsolicited phone calls, and don’t provide any personal information.

3. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

4. Report any suspicious activity: If you notice any suspicious activity related to your Dell accounts or purchases, report them to This may include unauthorized purchases, unusual login attempts, or changes in account information.


You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number and email address and alert you if it is being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

7.  Invest in personal data removal services: While no service guarantees complete data removal from the internet, utilizing a removal service can be beneficial for those seeking to monitor and automate the deletion of their personal information from numerous sites over time. Check out my top recommendations for removal services here.

Dell’s recent data leak highlights the lapse in the computer maker’s security infrastructure. The attackers being inside the network for an extended period is especially troubling. Given Dell’s role in providing hardware and software solutions, including backup and recovery tools, for critical infrastructure, a thorough investigation into its code and supply chain for signs of tampering is crucial. Dell is working with law enforcement and third-party security experts to investigate the incident, so that’s a step in the right direction.

Have you adjusted your online behavior or preferences due to concerns about data privacy and security breaches? Let us know by writing us at

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to

Ask Kurt a question or let us know what stories you’d like us to cover.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at

Get a daily look at what’s developing in science and technology throughout the world.

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by
Factset. Powered and implemented by
FactSet Digital Solutions.
Legal Statement. Mutual Fund and ETF data provided by
Refinitiv Lipper.