Dell, which manufactures computers for individuals and businesses around the world, experienced a data breach on April 28th 2024 of 49 million records from 2017 to 2024, which according to the Breached (Breach Forums) website includes:
- Full Name
- Address
- City
- Province
- Post Code
- Country
- Service Tag
- Shipped Date
- Warranty Plan
- Serial Number
- Dell Customer Number
- Dell Order Number
According to https://www.statista.com/statistics/298943/pc-shipments-worldwide-dell/ Dell ships about 40 million computers a year, so over 8 years that is roughly 320 million computers (exact numbers aren't needed).
Companies typically have systems or copies of data for these functions:
- CRM / Sales [Customer Data]
- Customer Support [Customer Data]
- Warranty [Customer Data]
- Shipping [Customer Data]
- Data Analytics [Customer Data]
- Marketing [Customer Data]
- ERP / Company Financials [Customer Data]
- Project Management
- Supply Chain
- Learning
- Communication (Office365 / Google Workspace)
- HR
Based on this information, and with some assumptions, let's see if we can figure out where the data breach came from. Because the breached data does not contain phone numbers or payment information, it is unlikely that the breach was from Shipping, CRM, Data Analytics, Marketing or Customer Support, which leaves Warranty or ERP / Company Financials. Considering there are no costs or sale amounts, it is unlikely to be ERP / Company Financials. This means the most likely source of the breach is Warranty, which aligns with the fact that the fields listed are the ones needed to provide warranty support.
According to a Reddit user, there is a 6% out-of-the-box failure rate (https://www.reddit.com/r/Dell/comments/dflpxx/6_out_of_box_failure_rate_dell_support/).
Therefore 49 million breached records / 320 million computers sold gives a warranty (failure) rate of about 15%.
According to TechGenix (https://techgenix.com/laptop-and-pc-failure-rates), the failure rate is 2 to 5 percent in the first year and 5 to 8 percent in the second year. This doesn't include a third year, so a 15% failure rate over a warranty of 3 years or longer is plausible for Dell.
On this basis, if this is a warranty-related breach, it could have occurred at Dell or at one of the companies Dell outsources warranty/support to, such as Unisys (https://www.cnet.com/tech/tech-industry/dell-taps-unisys-in-server-services-deal/).
So did this data breach come from inside Dell or from an external warranty provider such as Unisys? If it were internal, we might expect the data to include more information, such as the price of the computer, so it is more likely that the source of the breach is:
- A warranty API service
- The transfer of data to a Warranty provider
- The usage of this data at the Warranty provider
It is possible there was/is a vulnerable API, considering there are Dell websites/APIs for warranty that can be enumerated (by guessing Service Tags) and that provide Service Tag, Serial Number, Shipping Date, Warranty Plan and Country:
- https://www.dell.com/support/contractservices/en-au/entitlement/contractservicesapi
- https://www.dell.com/support/components/rvps/en-au/v1/getrvps?appname=warranty
- https://www.dell.com/support/home/en-au/product-support/servicetag/XXXXXX/overview?ref=suphptitle
It is also possible that it was data sent to a warranty provider; however, this seems less likely, as the warranty provider would need a way to contact the person for warranty service, such as phone or email, and neither is in this data.
Therefore, by process of elimination, the most likely cause is an insecure API, but as we don't have internal knowledge of or access to the actual systems or data transfers, this is just a guess until more information comes from Dell.
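As an added example (not from the original post and not Dell's code), the Python sketch below shows how a defender could review access logs for the Service Tag enumeration pattern hypothesised above: one client requesting many different tags in a short time. The log format, the `find_enumerators` function, the thresholds and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <client IP> <path>", where the path
# embeds the Service Tag as in the support URL pattern listed above.
LINE_RE = re.compile(r"^(\S+) (\S+) \S*/servicetag/([A-Za-z0-9]+)/")

def find_enumerators(lines, max_distinct=5, window=timedelta(seconds=60)):
    """Map each client that looked up more than max_distinct different
    Service Tags inside one sliding window to its peak distinct count."""
    recent = defaultdict(deque)  # client -> (timestamp, tag) pairs in window
    flagged = {}
    for line in sorted(lines):   # ISO timestamps sort chronologically
        m = LINE_RE.match(line)
        if not m:
            continue             # not a Service Tag lookup
        ts = datetime.fromisoformat(m.group(1))
        client, tag = m.group(2), m.group(3).upper()
        q = recent[client]
        q.append((ts, tag))
        while ts - q[0][0] > window:   # drop lookups older than the window
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct > max_distinct:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

# Constructed sample data: one owner re-checking their own machines, and one
# client walking through 8 different tags in 35 seconds.
PATH = "/support/home/en-au/product-support/servicetag/{}/overview"
SAMPLE_LOG = [
    "2024-04-01T10:00:00 198.51.100.20 " + PATH.format("TAG0001"),
    "2024-04-01T10:00:30 198.51.100.20 " + PATH.format("TAG0001"),
    "2024-04-01T10:05:00 198.51.100.20 " + PATH.format("TAG0002"),
] + [
    f"2024-04-01T10:01:{s:02d} 203.0.113.7 " + PATH.format(f"TAG1{s:03d}")
    for s in range(0, 40, 5)
]

if __name__ == "__main__":
    for client, count in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {count} distinct Service Tags within 60 seconds")
```

Tune the window and threshold to the normal lookup pattern of the endpoint; per-client limits enforced at the API itself complement this kind of log review.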