Dell’s Data Breach Dilemma: Europe’s Watchdog Steps In
A leading European privacy regulator is on the case after Dell customers’ personal information was compromised, TechCrunch has learned.
Graham Doyle, deputy commissioner of Ireland’s Data Protection Commission (DPC), confirmed to TechCrunch that they have received a breach notification from Dell. He noted that the issue is “currently under assessment” but declined to provide further details.
A Dell spokesperson also acknowledged that the tech giant has informed the relevant authorities and is cooperating with the investigation.
Last week, Dell notified its customers via email about a data breach involving names, physical addresses, and order information. This incident affected customers in the European Union as well. Despite the breach, Dell assured customers that the risk was minimal given the type of information stolen.
However, the plot thickened when TechCrunch reported that the same hacker, known as Menelik, had accessed more data from a different Dell portal. This second breach exposed customer names, phone numbers, and email addresses.
Menelik claimed he exploited vulnerabilities in two separate Dell portals to extract customer data.
Ireland’s DPC has been the most active privacy watchdog in Europe, thanks to the presence of many tech giants’ European headquarters in Ireland, including Dell. The DPC enforces the EU’s stringent GDPR regulations, which have led to significant fines for several companies. Notably, TikTok was fined $379 million for mishandling children’s data, and Meta faced a $1.3 billion penalty for transferring user data to the U.S.
Violating GDPR can cost companies up to 4% of their annual global revenue, highlighting the serious consequences of data breaches.