Dell Demo Environment Hacked, ‘Synthetic’ Information Accessed

‘A threat actor recently gained access to our Solution Center, an environment designed to demonstrate our products and test proofs-of-concept for Dell’s commercial customers,’ a Dell’s statement read. ‘It is intentionally separated from customer and partner systems, as well as Dell’s networks and is not used in the provision of services to Dell customers.’

Dell Technologies said hackers broke into one of the company’s environments used to demonstrate products for commercial customers, however the data used there is “synthetic” and separated from customer and partner systems.

“A threat actor recently gained access to our Solution Center, an environment designed to demonstrate our products and test proofs-of-concepts for Dell’s commercial customers,” according to a statement from Round Rock, Texas-based Dell, which was shared with CRN. “It is intentionally separated from customer and partner systems, as well as Dell’s networks and is not used in the provision of services to Dell customers.”

The breach was first reported by BleepingComputer.

[RELATED: Dell Investigating Portal Security ‘Incident,’ Says No ‘Significant Risk’ To Customers]

According to a Dell partner who spoke with CRN on background, the Dell Customer Solution Center is commonly referred to as the CSC. The partner said there are three primary hubs – New York City; Round Rock, Texas; and Santa Clara, Calif. – which are situated at or near Dell’s executive briefing centers.

The primary purpose for the solutions center is for Dell’s direct sales force and its selling partners to showcase Dell’s infrastructure solutions to customers, which includes building custom proof-of-concept environments ranging from a single server to more complex and sophisticated solutions.

“We use it when there is a specific solution we want to showcase or build a proof-of-concept for, and don’t have it available within our own lab environment,” the partner told CRN. “Or to get access to Dell engineer or product management resources.”

Dell said any data that is used in the facility or its platform is fabricated for the purpose of customer demonstrations.

“Data used in the solution center is primarily synthetic (fake) data, publicly available datasets used solely for product demonstration purposes or Dell scripts, systems data, non-sensitive information and testing outputs,” Dell’s statement read. “Based on our ongoing investigation, the data obtained by the threat actor is primarily synthetic, publicly available or Dell systems/test data.”

The statement continued: “Like many companies, we work tirelessly to combat online criminal activity including those seeking to break into our systems and networks. Protecting the security and maintaining the trust of our customers and partners is a top priority.”

In May 2024, Dell said a database with limited customer information was hit in a security incident.

At the time, Dell said the incident did not pose a “significant risk” to customers, according to an email sent by Dell to customers. In a statement to CRN in May 2024, Dell said that no financial or payment information was lost. The company also said that no email addresses, telephone numbers, or any sensitive customer data were put at risk.