Cyber Incident Victim: Dell Inc.

Date: Jul 2025

Location: United States of America

Summary

Dell confirmed that its Customer Solution Centers platform, used to demonstrate products to customers, was breached by the extortion group World Leaks, a rebrand of the Hunters International ransomware operation that now focuses on data theft. The isolated lab contained only fabricated medical and financial samples, and the attackers obtained primarily an outdated contact list along with configuration scripts, backups, system data and some internal passwords, claiming 1.3 TB of exfiltrated material while asserting no sensitive corporate or customer data was taken. World Leaks affiliates have also been tied to the exploitation of end‑of‑life SonicWall SMA 100 devices, where a custom OVERSTEP rootkit was deployed, and researchers noted that several organizations listed on the group’s leak site had used those vulnerable appliances.

Description

In early July 2025, Dell confirmed that its Customer Solution Centers platform had been breached by the extortion group known as World Leaks. The breach was disclosed to BleepingComputer after the group attempted to extort the company for a ransom. World Leaks is a rebrand of the Hunters International ransomware operation, which shifted from file encryption to pure data extortion in early 2025. Hunters International was first observed in late 2023 and had been linked to over 280 attacks worldwide before the rebrand.

Dell stated that the compromised platform is used to demonstrate products and solutions to customers and is isolated from the rest of its customer‑facing and internal networks. Although World Leaks claimed to have exfiltrated 1.3 terabytes of data, BleepingComputer’s review indicated that the majority of the material consisted of configuration scripts, backups, and system data from IT deployments on the platform. The only legitimate data identified as stolen was a very outdated contact list, while any apparent medical or financial samples were fabricated. Some of the leaked files contained internal provisioning passwords, but no sensitive corporate or customer information was found.

Dell declined to provide details on how the breach occurred, citing an ongoing investigation, and also refused to elaborate on the ransom demand made by World Leaks. The group’s affiliates have been associated with the exploitation of end‑of‑life SonicWall SMA 100 devices, where a custom OVERSTEP rootkit was installed. A threat researcher noted that ten of the forty‑six organizations listed on World Leaks’ data leak site had been using SMA 100 appliances. Dell’s Customer Solution Centers remain partitioned from its core networks, and the company has not disclosed any further actions taken beyond confirming the incident.
