About 50 clients hit by Epsilon e-mail marketing breach
IDG News Service - About 50 companies were affected by a major security breach at e-mail service provider Epsilon Interactive that caused many U.S. corporations to warn their customers of online attacks Monday.
Epsilon first warned of the incident Friday, saying that someone had got into company systems and obtained e-mail addresses and names belonging to some of its customers. But it wasn't immediately clear how many of its 2,500 clients were at risk. Epsilon is still being tight-lipped about the problem, but it has now given a clearer picture of how many companies are affected.
In a brief statement posted to Epsilon's website Monday, the company said that "approximately 2 percent of total clients" -- about 50 businesses -- were hit.
Customers of many of these businesses, which include Target, Citigroup, Tivo and Walgreens, woke up Monday to e-mail warnings, telling them that their e-mail addresses had been stolen, and that spam or malicious messages could be coming their way. But so far, Epsilon has refused to provide a detailed list of all companies that were affected.
Companies hire Epsilon to send out a total of more than 40 billion messages on their behalf each year.
With millions of addresses thought to have been stolen, the problem may be worse than many people realize, security experts said Monday.
That's because once scammers know their victims' names and e-mail addresses, along with the companies that they do business with, they can craft very targeted "spear-phishing" e-mail attacks that try to trick victims into revealing more sensitive information such as passwords or account numbers.
"Everybody is downplaying it by saying, 'at least they didn't get financial information.' Well that's true, but what they did get was enough to potentially get financial information [in a phishing attack]," said Neil Schwartzman, executive director with the Coalition Against Unsolicited Commercial Email, a consumer advocacy group based in Montreal.
The IDG News Service has confirmed that the following companies have warned customers about the breach. Because Epsilon is often engaged by business units within these firms, not everyone who does business with these companies has had their e-mail address stolen. If you have received a notification from a company that is not included on this list, please contact email@example.com.
JP Morgan Chase
New York & Company
- Hackers steal user data from the European Central Bank website, demand money
- Arrests made after international cyber-ring targets StubHub
- SQL injection flaw opens door for Wall Street Journal database hack
- Goodwill Industries probes possible payment card breach
- Aloha point-of-sale terminal, sold on eBay, yields security surprises
- The biggest data breaches of 2014 (so far)
- Blue Shield discloses 18,000 doctors' Social Security numbers
- PF Chang's says breach was 'highly sophisticated criminal operation'
- Breaches exposed 1 in 7 US debit cards in 2013
- New malware program targets banking data
- Social Media Education: The New Edge for Success Failure to train for social media will cost your business money. A recent report showed how digitally prepared companies can unlock up to...
- Social Media in Technology: A Unified Strategy for Success Find out how social media is sparking a new era of customer and industry-understanding in technology enterprises and how industry leaders are overcoming...
- How Network Connections Drive Web Application Performance Users around the globe, on all sorts of devices, expect Web applications to function as seamlessly as desktop applications. This paper discusses the...
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Internet White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!