Hacker selling Dell employees data after a second alleged data breach CSO Online

pppDell Technologies has allegedly suffered two data breaches since Thursday amounting to a breach of over 35GB of data belonging to at least 10000 company employeesppA hacker using the alias grep had claimed the first breach by posting a sample of the stolen dataset on BreachForums for free offering a full release in exchange for 1 BreachForums credit approximately amounting to 030ppIn September 2024 Dell suffered a minor data breach that exposed internal employees data grep said in a September 19 post Were affected over 10800 employees belonging Dell and their partnersppThe dataset has sensitive information belonging to these employees including Employee ID Employee full name Employee status and Employee internal ID Grep added in the postppDays after Grep posted about a second significant breach concerning 35 GB stolen data from Dell this time claiming the breach in collaboration with a fellow hacker Chucky Grep had called the previous attack minorppWith over 10000 employee records reportedly exposed including names employee IDs and internal identifiers this incident highlights the potential vulnerabilities in even wellestablished tech companies said Stephen Kowski field chief technology officer at Pleasanton While Dell has not yet confirmed the breach the leaked information could be leveraged by threat actors for targeted phishing attempts or social engineering attacks particularly given recent trends in cybercriminal tacticsppDell has reportedly acknowledged the first incident to media channels saying the security team is actively investigating the situation However Dell hasnt issued a public statement about either of the incidents To this in the second post on September 22 grep teased GDPR said time is ticking by the wayppThe hacker said they were able to access sensitive internal files from Dell owing to compromised Atlassian tools Compromised data Jiras files DBs table Schema migration etc totaling 35GB uncompressed said grep in the second post This time it was breached by Chucky before Dell makes any claims we both compromised your Atlassian and accessed Jenkins Confluence etcppThe revealed hack details grep added should facilitate the investigationppHacker grep has been involved in several cyberattacks over the past two years most aligning with the actions of Anonymous a decentralized collective known for its cyberattacks against governments and corporations The alias grep is inspired by the Unix command grep which is used to search through files or streams of text for specific patternsppWhile it is difficult to track their exact origin greps prominence could be traced to early 2022 mostly for their hacktivism efforts in the RussiaUkraine conflict The most recent of greps hacks was the CapGemini data breach from September 9 that compromised 20GB of data consisting of source code credentials private and API keys and employee datappDells running a tough security year having already suffered an extensive breach in May that exposed data belonging to 49 million customers It remains to be seen how the company will react to the allegations of what seems to be an ongoing incident Email queries sent to Dell did not elicit a response at the time of publishing this storyppShweta Sharma is a senior journalist covering enterprise information security and digital ledger technologies for IDGs CSO Online Computerworld and other enterprise sitesppSponsored Linksp