Dell resets customer passwords following cyber attack

The company has just issued a statement with more detail regarding the incident

Dell has confirmed that it detected and stopped unauthorised activity on its network which attempted to extract data from customers including names, email addresses and hashed passwords.

The situation resulted in Dell carrying out a forced password reset for customers. But Dell did this on 14 November some five days after discovering the hack attempt on 9 November, meaning customers were potentially left in the dark about the risk posed to their personal data. 

However, the tech giant was keen to assure its customers that following an internal investigation, no information was extracted. That said, it did add that it might be possible that some information had been removed from Dell's servers.

Dell confidently says that no credit card or other sensitive information was extracted from the network, nor did it impact any of its products or services.

"Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation," Dell said in its statement. "Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"In this age of highly sophisticated information security threats, Dell is committed to doing all it can to protect customers' information," Dell added. "This includes encouraging customers to change passwords for other accounts if they use the same password for their Dell.com account. Dell will continue to invest in its information technology networks and security to detect and prevent the risk of unauthorised activity."

IT Pro has approached Dell for comment over a Reuters report alleging that the company failed to tell customers of what happened when it forced the password resets but had not received comment at the time of publication. 

This is particularly significant because, following GDPR, firms are facing stricter regulations regarding data breaches. Companies are required to tell its customers quickly and accurately about the details of any data breach which would affect them, or risk fines that could rise into the millions.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/network-internet/broadband/354530/openreach-offers-free-full-fibre-installation-for-thousands-of
broadband

Openreach offers free full-fibre installation for thousands of homes

14 Jan 2020
Visit/security/vulnerability/354524/microsoft-to-patch-extraordinarily-serious-cryptographic-flaw
vulnerability

Microsoft to patch ‘extraordinarily serious’ cryptographic flaw

14 Jan 2020