Dell said on Wednesday that it reset passwords for all accounts on its Dell.com online electronics store on November 14, five days after it discovered and stopped hackers who were attempting to steal customer data.
The computer maker did not tell customers about the attack when it forced the password resets, according to a person familiar with the breach.
Dell said in a statement that on November 9 the company detected and stopped hackers who had breached its network and were attempting to steal customer data. Investigators found no evidence that the hackers succeeded, but have not ruled out the possibility that they did steal some data, the company said.
They only sought customer names, email addresses and scrambled passwords, Dell said.
The breach occurred as companies come under increasing scrutiny from regulators worldwide to provide quick and accurate disclosure of customer data theft. The European Union implemented strict new privacy regulations in May that punish violators with fines of up to EUR 20 million ($23 million), or 4 percent of global revenue, whichever is higher.
Dell determined that there were no regulatory or legal requirements that it disclose the incident, but decided to come forward “with customer trust in mind,” according to the source.
Dell declined to say how many accounts were affected, but did say that payment information and Social Security numbers were not targeted.
Dell said it reported the matter to law enforcement.
Representatives with the Federal Bureau of Investigation could not immediately be reached for comment.