Epsilon email breach could mean big problems

This post was written by Tom Mahoney on April 7, 2011
Posted Under: Fraud Prevention

Data breach at Epsilon

Epsilon is a company you have probably never heard of, but it almost certainly has an influence on you. You need to know what just happened to them.

How big was Epsilon’s breach?

Epsilon is a huge player in the email marketing game. And you can almost bet that they know about you and one of your email addresses. I feel confident in saying that because they provide the email marketing services for so many big companies that you’ve probably done business with at least one of them.

Earlier this week the news broke that Epsilon’s email system had been breached by persons yet unknown. The extent of the breach and which of their customer databases were hacked is still not public and probably not known. They may never know. According to their own Press Release, only 2% of their client base was impacted and only names and email addresses were affected. But, as the press release states, “… rigorous internal and external reviews continue to confirm that only email addresses and/or names were compromised.” To me, that means that they aren’t sure yet.

To give you an idea of the potential problem, here’s a partial list of Epsilon’s client base: CitiBank, JP Morgan Chase, Capital One, U.S. Bank, Barclays Bank, Verizon, Walgreens, Visa, Kroger, Best Buy, Home Shopping Network, Hilton WorldWide, Marriott International, Disney, Target, 1-800 flowers, AmeriTrade, RedRoof Inns, Ameriprise Financial, Dell Computer, TIAA-CREF.

If you haven’t done business with at least one of these companies I’d be surprised.

What does Epsilon’s breach mean to you?

You may have already gotten an email from one or more of the Epsilon clients. At this point we don’t know if emails were sent out by all their clients or just ones that they’ve confirmed as being affected. I’ve gotten two of them myself.

Names and emails being breached doesn’t sound very ominous when other breaches have involved credit card numbers or even Social Security numbers. But remember they are still trying to confirm the extent of the breach. IF they are correct and only names and emails are affected, this could still have a huge impact.

Phishing emails will start going out to the breached addresses and, since we can assume that the breach was perpetrated by sophisticated criminals, you can count on those phishing emails to look genuine. I hate to say it but a lot of people still fall for these scams. And then there’s the malware – viruses and trojans that could be aboard these emails!

Don’t fall victim to phishing!

  • Do not give your user ID or password in email.
  • Do not respond to emails that require you to enter personal or financial information directly into the email.
  • Do not reply to emails asking you to send personal information.
  • Do not use your email address as a login ID or password.
  • Do not respond to emails threatening to close your account if you do not provide personal information.
  • Do not click on links inside any suspicious email – type the URL in the address bar of your browser or use your bookmark.

    Reader Comments

    Great advice, I have personally noticed a marked rise in the number of fake emails from banks and credit card companies asking for your ID, passwords and even account No. Don’t ever fall for these tricks. Banks and credit card co. never ask for these details online.
    Keep up the good work!

    #1 
    Written By Gary on June 20th, 2011 @ 10:19 AM
