Last week, Dell notified customers about a data breach, saying in a statement emailed to users that it was investigating a security incident. Now, media outlets are reporting that the technology giant downplayed the severity of the data breach, which they initially claimed was “not a significant risk to our customers.”

Since Dell shared this statement, new information has come to light from a surprising source. On a hacker forum, a user named Menelik took credit for the hack and advertised a dataset of over 49 million customers’ personal data, including full names, full addresses, the system’s service tags, customer numbers, and more. Now, the hacker claims to have sold the stolen data and has shared the details of the cyber attack – even offering a sample of the stolen data to news outlet TechCrunch, which has been verified.

Menelik claims he registered as a partner with a Dell online portal, then he used the portal to scrape Dell customers’ data. The hacker says he “sent more than 5,000 requests per minute to this page that contains sensitive information” and “kept doing this for nearly 3 weeks and Dell did not notice anything.”

The hacker claims it took Dell “a week to patch it all up,” but he has since found yet another vulnerability and has seized the “email and phone number data” of over 30,000 Dell customers.

There are so many problems with this story that we hardly know where to start. From Dell downplaying the attack to customers, to the hacker’s claims that he was able to repeatedly exploit a portal for nearly three weeks without interruption, to his claim that he has since sold the personal data of over 49 million users on the dark web, the whole situation is a giant mess.

This data breach is an example of many repeated failures that created an opportunity for a hacker and a perfect storm for Dell customers. Dell is now facing legal action and a huge blow to its professional reputation.

In recent years, there has been an exponential uptick in cyberattacks. The conversion of most companies’ data storage to the cloud, the explosion of AI tools, and a pervasive cybersecurity skills gap within most companies has allowed hackers to do more damage than ever before.

Reading stories about massive data breaches like Dell’s can make the cybersecurity landscape for small businesses feel hopeless. If Fortune 500 companies with dedicated cybersecurity teams are exploited online, what chance do small companies have? Luckily, there are actually quite a few measures small companies can take to limit successful cyberattacks.

The first step is always awareness. Most of us are familiar with “Suspected Spam” calls and fishy emails, but you might not know all of the ways hackers try to infiltrate businesses online. The most common target for hackers is your email inbox. They will try several common tactics to compromise your email: phishing emails directing you to click external links, spoofing emails impersonating legitimate contacts, and business email compromise to infect your network once they find their way in.

Stay aware of the bad actors who are attempting to enter your inbox. Always check a sender’s information and use legitimate channels to contact providers who may reach out to you via email. Being aware of these scams as you navigate your email and phone habits will eliminate a hacker’s “low-hanging fruit” and make you a more difficult target.

You can protect your business and personal assets by extending your online vigilance across your online tools and browsing habits. This means more than avoiding suspicious links or sketchy downloads. Have a backup system in place to protect your clients and your business. You should also stay as current as possible on system patches and updates for your software tools to ensure you have up-to-date protection. If you’re evaluating new cloud services for your business, ask about the tool’s security capabilities.

Cyber criminals will also exploit human weaknesses. Make sure your team is aware and on board with all security measures, too, to limit hackers’ entry points into your business.

You’ve probably already gathered this from the story of Dell’s data breach, but it’s worth repeating: if you’re subject to a cyberattack, it is vital to rapidly respond and immediately notify any involved parties.

Your clients are everything to your business. It is far better to communicate an attempted cyberattack, state the steps your team is taking to rectify the situation, and share any needed actions on their side than to downplay or issue a vague statement.

You may not have the budget to hire a team of cybersecurity engineers, but there are resources you can use to protect your business within your budget. 2b1 Care’s suite of cybersecurity services is fully customizable to give your business the protection it needs. Our team of cybersecurity experts can work with you 1-on-1 to build bespoke cyber defenses for your business.

The Dell data breach is yet another example of the need for strong cybersecurity measures at all businesses. We don’t expect these cyberattacks to stop any time soon, but you can absolutely protect yourself from cyber criminals online. Interested in learning more? Contact 2b1 now to learn about 2b1 Care’s cybersecurity services.