Dell Australia hit by Epsilon breach

Summary: Potentially thousands of Australian Dell customers have had their names and email addresses exposed by the high-profile data breach of United States marketing firm Epsilon.


The hardware and services company admitted in an email to customers that their details could be in the hands of hackers and warned against opening emails from unknown senders.

Dell is one of scores of companies, including Visa, Kraft and the Marriott hotels, that were forced to notify clients of the breach.

"Whilst no credit card, banking or other personally identifiable information was involved, we felt it was important to let you know that your email address may have been accessed," Dell consumer head Deborah Harrigan said in a statement. "While we hope that you will not be affected, we recommend that you be alert to suspicious emails requesting your personal information."

It warned customers that it will never ask for financial information through email.

Yet the compromised names and email addresses are enough to launch targeted phishing attacks on customers. For instance, an attacker may masquerade as Dell using email spoofing techniques in a bid to appear legitimate.

Such an attack was used in the high-profile breach of RSA, which hit its SecurID token system.

Dell Australia spokesperson Nicole Gemmell said in a statement that the company has notified the Australian Privacy Commissioner and the regulatory watchdog.

The Epsilon breach has claimed the scalps of American Express, Visa, TiVo, Target, the Marriott and Hilton hotel chains, Verizon and Citibank, but Dell Australia is the only one of a dozen of the largest companies with a local presence to have owned up to being affected by the attack.

Target, TiVo, Citibank and the twin hotel chains and card holders have said that their Australian customers have not been affected by the breach, either because they use a local marketing provider or have separate operations from their United States counterparts.

Topics: Dell, Collaboration, Security

Darren Pauli

About Darren Pauli

Darren Pauli has been writing about technology for almost five years. He covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.


Talkback

6 comments
  • Several security commentators have played down the Epsilon breach, saying that names and email addresses are already widely circulated and can only lead to a bit more spam which most users are alert to anyway. I am rather less optimistic.

    There is plenty of metadata that has probably been breached as well. We should expect that Epsilon has been economical with the truth of the extent of the breach, and taken liberties interpreting what constitutes personal data. A nightmare scenario would be for email logs to have been stolen as well. At the very least we do know that information about each person's commercial relationships has been breached. The attackers now know which banks, and which hotels are used by these people -- that is marketing gold.

    But wait, there's more! Think about what it means that Dell has alerted its customers in Australia, and that other multinationals like Target and Visa are confident there's no problem here. How can they be sure? The information at Epsilon must have been organised or tagged in some way geographically. Therefore the attackers also know something about the location of the users in the databases that have been raided.

    So already we know it's more than name and email address. For each user, the attackers also know (a) sets of companies which do business with that user, and (b) something about the region they live in.

    I see no cause for complacency about this breach having minimal impact. It's just too soon to tell.

    Steve Wilson, Lockstep.
    swilson5
  • Despite what the article says to the contrary, Hilton Hotels contacted me yesterday about the breach. Dell did today. I am Australian based.
    PPAB-b2bb8
  • As already posted by Steve Wilson, Lockstep, there is absolutely no cause for complacency in regards to this security breach.
    The following e-mail, arrived last night (AU EST) with my name, which is tricky to get right, correctly spelled.
    Never before have I received junk mail with my name being correct. In fact, most junk is only addressed to my e-mail account using the e-mail address.
    As suggested by Steve Wilson the hackers could have tagged the personal details in a geographical way. Bingo – there is no other entry with a name like mine in the online telephone directory. Personal security at risk?
    Of the companies mentioned in the article, I am a customer of Dell and Visa (ANZ card). So far only Dell alerted me to the breach.

    DEAR Hxxxxxx Bxxxxxxx,
    Wednesday, 6 April, 2011 10:18 PM
    From:
    "diamondbankplc Mr watson"

    To:
    xxxxxxxxxx@xxxxx.com

    DEAR Hxxxxx Bxxxxxxx,
    WE WISH TO INFORM YOU ON OUR NEW SYSTEM OF PAYMENT THROUGH ATM VISA CARD . THIS BANK WILL SEND YOU AN ATM VISA CARD WHICH YOU WILL USE TO WITHDRAW YOUR MONEY IN ANY ATM MACHINE IN ANY PART OF THE WORLD, BUT THE MAXIMUM IS FOUR THOUSAND, FIVE HUNDRED UNITED STATES DOLLARS ($4500.00. PER DAY.

    MEANWHILE, WE HAVE PREPARED TO PAY YOU, YOUR $1.5 MILLION DEPOSITED HERE IN OUR BANK ON YOUR BEHALF .

    KINDLY CONTACT THE BELOW PERSON WHO IS IN POSITION TO PROCESS AND RELEASE YOUR ATM PAYMENT CARD TO YOU.

    MR.JOHN WATSON DIRECTOR,
    ATM PAYMENT DEPARTMENT
    DIAMOND BANK PLC BENIN.
    EMAIL: diamondbkplc@cnegal.com

    THE ATM CARD PAYMENT CENTER HAS BEEN MANDATED TO ISSUE OUT YOUR PAYMENT TO YOU IMMEDIATELY YOU CONTACT THEM TO RE-ACTIVATE YOUR ACCOUNT HERE.

    REGARDS,
    MR JOHN WATSON.
    EMAIL: diamondbkplc@cnegal.com
    HB430
    • I hope you enjoy your "$1.5 million" when it eventually arrives!
      Treknology
  • Dell Australia haven't emailed me but that's typical. I'm still waiting for them to notify me that my laptop is one of the models affected by Nvidia's faulty GPUs and that they extended the warranty on the GPU by a year...
    Potoroo
  • I received a note on Sunday from McKinsey that this had happened - a few days before DELL.

    Seems they used Epsilon for newsletter distribution
    Leightonj