TechCrunch has learned that Europe's top privacy watchdog is investigating following a recent breach of Dell customers' personal information.
Graham Doyle, deputy commissioner of Ireland's Data Protection Commission (DPC), confirmed to TechCrunch that the DPC had received a “breach notification in this regard” (referring to Dell), which the agency is “currently evaluating.” Asked for details, Doyle declined further comment.
Asked for comment by TechCrunch, an anonymous Dell spokesperson confirmed that the tech giant “will continue to notify regulators and work with them as appropriate.”
Dell alerted customers via email last week that a data breach had occurred. The company said the theft included customer names, addresses and Dell order information. Some of the stolen data included personal information of Dell customers in the European Union. Even though customers' addresses were stolen, Dell told customers that “given the type of information involved, we do not believe there is a material risk to customers.”
On Tuesday, TechCrunch exclusively reported that the same attackers who claimed last week's data breach were stealing even more customer data from another Dell portal. The data from this second breach includes Dell customer names, phone numbers, and email addresses, as well as a review of a sample of the scraped data seen by TechCrunch, according to the attackers. That's what it means.
In both cases, the attacker, who identified himself as Menelik, said he was able to discover flaws and collect customer data on two different Dell portals.
Ireland's data protection watchdog has become Europe's most active privacy regulator in recent years, as many major technology companies, including Dell, have their European headquarters in Ireland. The DPC has enforced the pan-EU data protection and privacy regulation, known as GDPR, against several companies, some of which were fined $379 million for mishandling children's data. These include TikTok and Meta, which was fined $1.3 billion for violating regulations regarding the transfer of user data. Send personal data to the United States.
Companies that violate GDPR can be fined up to 4% of their annual global turnover.
inquiry
Do you know more about this Dell hack? Or is it a similar data breach? From your non-work device, on Signal (+1 917 257 1382) or on Telegram, Keybase and Wire @lorenzofb, or by email at Lorenzo Franceschi-Bicchierai You can contact us safely. You can also contact TechCrunch via SecureDrop.