Ireland’s Data Protection Commission (DPC) is investigating recent breaches involving Dell customers’ personal information.
Graham Doyle, deputy commissioner of the DPC, confirmed that the DPC has received a breach notification from Dell and is currently assessing the situation. Doyle declined to provide additional comments.
A Dell spokesperson also confirmed that the company has notified regulators and will continue to cooperate with them as needed.
Last week, Dell informed customers via email about a data breach that involved customer names, physical addresses, and order information. Some of this stolen data included personal information of customers in the European Union. Dell reassured customers that it believes the risk is not significant given the nature of the information involved.
Earlier reports revealed that the same threat actor responsible for the first breach had accessed more customer data from a different Dell portal. This second breach included customer names, phone numbers, and email addresses. The threat actor, who goes by Menelik, claimed to have exploited vulnerabilities in two different Dell portals to obtain the data.
Ireland’s data protection watchdog has been highly active in recent years, especially since many major tech companies, including Dell, have their European headquarters in Ireland. The DPC enforces the EU’s General Data Protection Regulation (GDPR) and has previously issued significant fines to companies like TikTok, fined $379 million for mishandling children’s data, and Meta, fined $1.3 billion for transferring user data to the United States.
Under GDPR, companies can face fines of up to 4% of their annual global revenue for violations.
