An email sent out to Dell Australia customers is advising them that their emails may have been accessed by a third party after a security breach at Epsilon, a large US-based email marketing service provider. The Epsilon security breach occurred on March 30, with the email addresses of customers of around 50 companies accessed by an unauthorised user or users. It is not known whether Dell users in other regions are affected, but Dell Australia joins companies like Visa, Disney, Best Buy, Citigroup and several international banks in having its customer email databases compromised.
Read more about the Epsilon email data breach.
A statement from Epsilon confirms the breach: "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorised entry into Epsilon's email system," Epsilon said. "The information that was obtained was limited to email addresses and/or customer names only." According to its Web site, Epsilon has over 2500 customers worldwide and sends over 40 billion emails annually on behalf of its clients.
Dell Australia's email informs customers that a limited amount of their personal details may have been accessed in the intrusion: "Dell's global email service provider, Epsilon, recently informed us that their email system was exposed to unauthorised entry. As a result, your email address, and your first name and last name may have been accessed by an unauthorised party.
"Whilst no credit card, banking or other personally identifiable information was involved, we felt it was important to let you know that your email address may have been accessed.
"We sincerely regret that this incident has taken place and we will continue to work with Epsilon to ensure that all appropriate measures are taken to protect your personal information."
The theft of these email addresses could mean an influx of spam or targeted 'phishing' emails — malicious messages prompting users to share sensitive or valuable information by posing as a legitimate business or service — to current and previous customers of Dell. A thread on Australian Internet forum Whirlpool shows several users claiming receipt of the email.
Only email addresses and customer names were accessed in the breach. Dell Australia has contacted the Australian Communications and Media Authority and the Australian Privacy Commissioner to inform them of the situation, and is working with Epsilon to "ensure that all appropriate measures are taken".