E-Mail Marketing Firm Hacked, Customer Data Accessed
Epsilon, a worldwide marketing service firm, reported on Friday that its clients' customer data, used in e-mail campaigns, have been compromised.
The information, breached by hackers on March 30, includes the names and e-mail addresses of customers who have signed up for e-mail newsletters and other campaigns by Epsilon's clients. At stake is customer data used by companies such as TiVo, JPMorgan Chase, Marriot, Best Buy, and Walgreens, to name a few.
According to a brief Epsilon press statement, "…an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's e-mail system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."
When the breach was first discovered, it was believed that the hackers responsible had gained access to customer information from The Kroger Co., the nation's largest grocery retailer. However, over the weekend, more companies in Epsilon's group of 2,500 companies represented reported similar breaches.
As of today, the list of companies where data have been compromised includes: TiVo, Kroger, US Bank, JPMorgan Chase, Capital One, Citi, Ameriprise Financial, Home Shopping Network, LL Bean Visa Card, Lactose, AbeBooks, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Wallgreens, The College Board, Disney Destinations, Best Buy and Robert Half Technologies.
In an e-mail to Best Buy Reward Zone members, the company issued the following statement: "We have been assured by Epsilon that the only information that may have been obtained was [recipient's] e-mail address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk."
While the information obtained by the hackers was minimal, affected companies are still warning customers to keep an eye out for fraudulent or unsolicited e-mail. Citibank Tweeted, "Please be careful of phishing scams via e-mail."
Although the threat level associated with e-mail scams are low, due to the lists coming from specific companies and specific brands, phishers can use that information to send out a more personalized campaign.
"We all know that our email addresses are out there because we all get way too much spam, so you might ask what the big deal is," wrote Randy Adams, director of technical education at security software company ESET, in a blog post. "Here's the deal. If a criminal has your name, e-mail address, and knows that you use that e-mail address for your banking or shopping, they now know how to target phishing attacks."
Adams reminds readers that customers subject to this recent security breach should take the same precautions as any information breach.
"If you get an e-mail with a link to a Web site that requires a log on, do not log on," he wrote. "Always go to your vendor's Web site by typing in a known valid internet address."