Dell.com Hit with Cyber Attack, then Resets All Customer Passwords

Cyber attacks are our new reality. It sometimes seems there is just no escaping them, no matter what apps or websites you use. Just a few years ago it seemed shocking to read the news of a large site’s security being breached. It’s no longer shocking and is nearly “ho-hum.”

This time it was Dell.com that was hacked. The online electronics store was hit earlier this month. They discovered hackers trying to steal customer data, and five days later they reset the passwords for all customer accounts.

A person familiar with the breach claims that when Dell reset all the passwords, it did not tell customers the website had been attacked or that the hackers were after their data.

In a statement the company said that on November 9 they found hackers had breached Dell.com to steal customer data. The hackers were in search of customer names, email addresses, and passwords, yet those were scrambled. Payment information and social security numbers were not targeted.

Dell stopped them and couldn’t find any evidence that they were successful, but it is not ruling out that some data was stolen.

Because so many companies have dealt with customer data being stolen, regulators across the globe are trying to enforce quick disclosure of customer data theft to the affected customer base.

This is the whole basis of the European Union’s GDPR that was implemented last May and why the penalties are so stiff. Violators of the new rules could be subject to fines up to twenty million euros or four percent of their global revenue, whichever is the larger of the two numbers.

Despite that, Dell doesn’t believe there were any regulatory or legal requirements that it disclose the data breach, yet it decided to come forward anyway “with customer trust in mind,” according to a source.

Dell reported the incident immediately to the authorities.

While Dell seems to have done everything that they could do, the whole situation just leaves an underwhelming feeling. It shouldn’t leave us saying, “Oh, here we go again.” It should leave us shocked that such a thing could happen.

And for this to happen to a tech company, it seems particularly shocking. It would seem they would have better preventative measures in place.

But the good news is that they reported it right away despite it seeming like nothing was actually taken, unlike other organizations that try to keep it covered up. It is a little puzzling, though, that there are reports passwords were changed without even alerting the customers.

Do you have an account with Dell.com? Did this affect your data? Does this leave you worried even if you don’t have an account with Dell.com? Let us know how you feel about Dell.com being hacked and the situation it seems so many companies are in with data breaches.

8 comments

  1. “Just a few years ago it seemed shocking to read the news of a large site’s security being breached.”
    It wasn’t because fewer sites were being breached but because companies were loath to disclose breaches of their databases.

    “While Dell seems to have done everything that they could do”
    Apparently not.

    “It should leave us shocked that such a thing could happen……..And for this to happen to a tech company, it seems particularly shocking.”
    Why? Just as tech companies hire the brightest and the most capable working for them on security, there are others, just as bright and capable, who are greedy and/or have a warped sense of humor who work on breaching that security. Security is a constant battle between the two groups. One group develops an attack, the other group responds with a counter-measure. Rinse and repeat.

    “the situation it seems so many companies are in with data breaches”
    For various reasons companies do not maintain their cyber-security at the bleeding edge of technology. Security is reactive, not proactive. It cannot be set up for unknown threats, it can only respond to known ones.

    Large software companies including backdoors and spyware in their software so they can harvest customer data does not help cyber security. Government(s) insisting on backdoors being included in software so they can ferret out terrorists does not and will not help cyber security. If Microsoft and Google, and NSA and FBI can use the backdoors, sooner or later so can the hackers. So, do not expect data breaches to go away any time soon.

  2. And another one bites the dust!

    Marriott just announced a data breach in which about 500 million records of their Starwood Hotels database were compromised over the last 4 years. From what Marriott says, it seems like it was an inside job where someone copied the database. This begs a question: Didn’t they do regular security audits and security stress tests?

    As a penalty, companies should be fined $1000 per compromised record. Yes, that would be draconian and force some companies into bankruptcy. However, a penalty like that would strongly incentivize companies to make sure that their cyber security was as up-to-date as possible. It would be a simple business decision for them: spend $millions or $tens of millions on maintaining security or pay $hundreds of millions or $billions in penalties. The current penalties, at least in the US, are nothing more than a slap on the wrist. Penalties cost companies less than up-to-date security.

    Another measure that would incentivize companies, or at least the corporate boards, would be something similar to the RICO Act. CEOs and other senior management members should be held accountable for the acts and missteps of their underlings. Currently, whenever a cyber security breach occurs, some nameless, faceless IT drudge is thrown to the wolves while those that formulated the security policies skate away scot-free.

    The two measures I suggested will not stop data breaches but they should encourage companies to make cyber security, not profits, PRIORITY #1.

  3. I’m thinking big companies like Marriott do take privacy measures. I find it hard to believe they would play loosey goosey with that type of thing. Then again, Marriott doesn’t take personal privacy too seriously. They were the ones who were sued for giving Erin Andrews’ stalker her room number and letting him book the same room next to her, then not noticing when he drilled a hole between the rooms and took videos and pictures of her.

    Sometimes I think if hackers want to hit something badly enough that they’ll find a way, no matter the privacy measures.

    • “I’m thinking big companies like Marriott do take privacy measures.”
      I’m not saying they don’t. But is it as seriously as the NSA, Snowden notwithstanding, or is it just “This is good enough”? The answer comes down to how much money the companies are willing to spend for security. If one maps the cost of security, the graph would be an asymptote. The first 99% of security is relatively inexpensive to obtain and the graph is relatively flat. Each successive “9” you want to put to the right of the decimal point increases your costs maybe not geometrically but certainly not linearly. You pay more and more for a smaller and smaller increase in security.

      “I think if hackers want to hit something badly enough that they’ll find a way”
      Without a doubt. With enough resources even Ft. Knox can be robbed. But who has those resources and enough perseverance? Thieves/hackers will go after lower hanging fruit. We rarely hear about the unsuccessful attempts. All we hear about is the successful break-ins affecting hundreds of millions of records such as Yahoo, Equifax and Marriott. We don’t hear about smaller breaches because they have become ho-hum news. Other than Edward Snowden, we have not heard of the NSA being hacked because it may not have been done yet, and because even if it was accomplished, the NSA would not admit it.

      Regarding Erin Andrews case.
      Yes, they should have been a little more circumspect in releasing guest information but I can think of many legitimate reasons why such information may be requested and released. As far as “allowing” the perpetrator to drill holes in a wall, there is no way for a hotel to prevent a guest from doing pretty much anything that they want in the privacy of one of the rooms. Just look at all the rooms trashed by rock stars. Please understand that I am in no way condoning, excusing or alibiing Marriott. In a word, they blew it.

  4. Why are REPLIES being posted like original comments rather than indented under the post being replied to? Is that a bug or a feature?

  5. Not altogether sure. I am guessing it’s either a WordPress update or a change in theme when our editor-in-chief tinkered with it.

  6. RE: Erin Andrews case. Yeah, I know there’s not much they can do regarding someone drilling a hole in a wall, but to give out a famous person’s room number, then allow someone to book the room next to them is unforgivable. My son works as an ops manager for a Marriott hotel, and I certainly would hope he would know better at least morally, if it’s not a legal issue.

  7. The saying goes “If Someone Can BUILD It?….Someone ELSE Can BREAK It”. This holds true for everything mankind has ever designed / built / created, etc. The Titanic was man’s finest achievement supposedly “unsinkable”, and it now sits at the bottom of the ocean. The Challenger & Columbia two space shuttles that were supposed to be the most “advanced” ever built, both disintegrated mid air, one upon liftoff and one upon re-entry. There is nothing that cannot be hacked in this day and age of cyber-malcontents. If they have the time (and as a hacker who cares what time it is in the comfort of their basement / attic?), and they have the resources (not much needed these days…an internet connection…a VPN or a connection that’s hidden by the Tor Network) and they have the know-how (again….scour the Internet and you’ll find enough information to hack foreign governments….Federal agencies, educational institutions, and hospitals.)….then what’s to stop them from going after and succeeding at intrusion methods against tech companies? The answer is: Nothing. And the more the companies and agencies try to fight, the more they’ll get hacked. The only TRUE way to prevent hacking and security breaches?…is the one method that NO ONE will agree to or sanction. It’s the George Orwellian method of having every node, every wi-fi access point and every connection to the internet, registered, and monitored by all-seeing eyes. And while you could argue that we’re already being “watched” by Big Brother?…while they might have IP addresses, and co-location AP’s they don’t have the ability to see EVERYTHING, (or else how could someone amass two / three years worth of child pornography?….wouldn’t they be arrested the minute they access a site/link?…what about people who obtain phony visas, and other forged papers online?) so we’re not “there” yet, but that would be the ONLY way to completely stop cyber-heists and other breaches.
    To have say…an office in every country, doing the same thing….monitoring ALL traffic EVERYWHERE! I would think they would assign a machine to do the monitoring as humans would be susceptible to “missing” something…or being “fooled” into thinking the traffic they see is legal and legitimate, but a machine could decipher the zeros and ones and would be able to identify all offending traffic. It would suck, because you’d not be able to visit sites that would be considered “against the government” or any forums where there’s speech against the leaders of a country, but you damn sure wouldn’t have any more cyber crime, as…the minute someone looks up “Hacking techniques for Dummies” there’d be a complement of black Crown Victorias and SUV’s waiting for you when you got home.
