‘Upon identifying the incident, we promptly implemented our incident response procedures, began investigating, took steps to contain the incident and notified law enforcement,’ said Dell in an email to customers. ‘We have also engaged a third-party forensics firm to investigate this incident.’

Dell Technologies is investigating a security “incident” involving a portal that contains a database with limited types of customer information related to Dell purchases.

The incident does not pose a “significant risk” to customers, according to an email sent by Dell to customers obtained by CRN.

“Upon identifying the incident, we promptly implemented our incident response procedures, began investigating, took steps to contain the incident and notified law enforcement,” said Dell in the email. “We have also engaged a third-party forensics firm to investigate this incident. We will continue to monitor the situation.”

CRN reached out to Dell but had not heard back at press time.

Dell said there were limited types of customer information “accessed,” including name; physical address; Dell hardware and order information, including service tag; item description; date of order and related warranty information.”

[RELATED: Ascension Data Breach: Health System Says Clinical Operations Disrupted]

Dell said the information involved “does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”

That said, Dell noted that even though there is not a significant risk given the limited information impacted, it advised customers to keep in mind tips to avoid tech support phone scams. Further, the company advised customers that if they notice any “suspicious activity” related to their Dell accounts or purchases they should report it to Dell Security.

An MSP that was contacted by a federally regulated Dell customer that received the email from Dell said the incident is yet another sign that solution providers need to double down on security efforts with all their customers.

“If you are a Dell enterprise customer you are probably getting a call from your account manager,” said the MSP executive, who asked not to be identified. “This is yet another example of the importance of security. No one is immune. Everybody has got to be on their toes. There are no shortcuts anymore. You can’t take your customer and partner relationships for granted and hope their security is going to be as robust as you need it to be. You have to take action on your own to make sure what you are doing meets your business requirements and protects your data.”

A Chief Information Security Officer (CISO) for a Solution Provider 500 company, who did not want to be identified, said he would not be surprised to see the customer information leak to the dark web and be utilized in the future.

“Now that an incident response company has been engaged, it will be interesting to learn if this proliferated to any other systems or was it truly contained to the environment and information they described in the letter.”