Extortion Group ‘World Leaks’ Breaches Dell Demo Platform in Data Theft Attack

A newly emerged cyber extortion group, World Leaks, has breached Dell Technologies’ Customer Solution Centers—a demo environment used to showcase products and validate proof-of-concepts for commercial clients. The group is now attempting to extort the company over allegedly stolen data.

Dell has confirmed the unauthorized access, clarifying that the impacted system operates in a segregated, isolated environment that contains synthetic or publicly available datasets, not production or customer information.

“Based on our investigation, the data accessed appears to be primarily synthetic, non-sensitive, and related to test environments,” Dell stated.

Although the attackers claim to have exfiltrated sensitive medical and financial information, Dell insists the content is fabricated for demo purposes. The only legitimate data accessed may be an outdated contact list. Dell also noted that clients are consistently advised not to upload real or private information to the demo platform, minimizing exposure risks.

The company is withholding details about the intrusion and ransom demand, citing an ongoing investigation.

World Leaks is the rebranded identity of the former Hunters International ransomware group, which had code links to the dismantled Hive operation. Since rebranding in early 2025, the group has shifted from file encryption to data theft and extortion, reportedly targeting 49 organizations worldwide.

Cybersecurity experts highlight this shift toward non-encrypting extortion tactics as part of a broader trend. With law enforcement tightening its grip on traditional ransomware operations, attackers are increasingly focused on stealing data and demanding payment to avoid its public release.