Dell Australia hit by Epsilon breach

Potentially thousands of Australian Dell customers have had their names and email addresses exposed by the high-profile data breach of United States marketing firm Epsilon.

Potentially thousands of Australian Dell customers have had their names and email addresses exposed by the high-profile data breach of United States marketing firm Epsilon.

mail

(Mailbox image by Allen, CC BY-ND 2.0)

The hardware and services company admitted in an email to customers that their details could be in the hands of hackers and warned against opening emails from unknown senders.

Dell is one of the scores of other companies including Visa, Kraft and the Marriott hotels that were also forced to notify clients of the breach.

"Whilst no credit card, banking or other personally identifiable information was involved, we felt it was important to let you know that your email address may have been accessed," Dell consumer head Deborah Harrigan said in a statement. "While we hope that you will not be affected, we recommend that you be alert to suspicious emails requesting your personal information."

It warned customers that it will never ask for financial information through email.

Yet the compromised names and email addresses are enough to launch targeted phishing attacks on customers. For instance an attacker may masquerade as Dell using email spoofing techniques in a bid to appear legitimate.

Such an attack was used in the high profile breach of RSA, which hit its SecurID token system.

Dell Australia spokesperson Nicole Gemmell said in a statement that the company has notified the Australian Privacy Commissioner and the regulatory watchdog.

The Epsilon breach has claimed the scalps of American Express, Visa, TiVo, Target, the Marriott and Hilton hotel chains, Verizon and Citibank, but Dell Australia is the only one of a dozen of the largest companies with a local presence to have owned up to being affected by the attack.

Target, TiVo, Citibank and the twin hotel chains and card holders have said that their Australian customers have not been affected by the breach, either because they use a local marketing provider or have separate operations from their United States counterparts.