
Dell confirms breach of customer solution centers by World Leaks extortion group

A newly rebranded cyber extortion group known as World Leaks has breached Dell Technologies’ Customer Solution Centers, attempting to extort the tech giant in a data theft incident confirmed earlier this month.


Dell acknowledged the breach to cybersecurity news outlet BleepingComputer, stating that an unauthorized actor accessed a non-production environment designed to showcase Dell products and proof-of-concept setups to business customers. The environment, known as the Customer Solution Centers, is intentionally isolated from Dell’s main corporate networks and customer systems, the company emphasized.


“The threat actor recently gained access to our Solution Center, an environment designed to demonstrate our products and test proofs-of-concept for Dell’s commercial customers,” the company said. “It is intentionally separated from customer and partner systems, as well as Dell’s networks and is not used in the provision of services to Dell customers.”


Dell further clarified that the breached environment primarily contains synthetic, non-sensitive, and publicly available data, often used for simulation and testing purposes. The company’s internal investigation concluded that the stolen data appears to include system configurations, scripts, and backups, with no indication of sensitive corporate or customer information being compromised. The only real data identified in the breach was reportedly an outdated contact list.


Despite these reassurances, the attackers claim to have stolen 1.3 terabytes of data. World Leaks, the group behind the attack, has shared samples of the exfiltrated files online but has yet to list Dell on its public data leak site. The samples reportedly include IT deployment data and internal provisioning scripts, with some files containing internal-use passwords, according to BleepingComputer.


Dell declined to comment on how the breach occurred or whether a ransom demand was made, citing an ongoing investigation.


World Leaks is a rebrand of the former ransomware operation Hunters International, which itself emerged in late 2023 and was suspected to have ties to the notorious Hive ransomware gang, dismantled by international law enforcement in early 2023. Hive was responsible for more than 1,500 cyberattacks and had extracted an estimated €100 million in ransom payments.


By early 2025, Hunters International had claimed responsibility for nearly 300 attacks worldwide before announcing a strategic pivot. In April, the group’s operators said ransomware was becoming increasingly unprofitable and risky, prompting a shift to data exfiltration and extortion without encryption. The group now operates under the name World Leaks.


Since its rebranding, World Leaks has leaked data from 49 victim organizations. Its affiliates have also been linked to recent attacks exploiting end-of-life SonicWall SMA 100 devices, where attackers reportedly deployed a custom rootkit known as OVERSTEP. Threat researcher Yutaka Sejiyama of Macnica noted that over 20 percent of World Leaks’ listed victims had used these vulnerable devices.



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543