11:51 AM
Connect Directly

Epsilon Email Hack Exposes Bank, Business Customers

Capital One, Brookstone, JP Morgan Chase, and TiVo have issued warnings to their customers, and presumably other Epsilon clients have as well.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
The email system of an online marketing firm serving many major consumer brands has been breached, prompting its clients to issue warnings to consumers.

Epsilon issued a statement on Friday saying that its email system had been accessed without authorization on March 30 and that a subset of its clients' customer data had been exposed.

"The information that was obtained was limited to email addresses and/or customer names only," the company said. "A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."

The marketing company's clients include Ameriprise Financial, Best Buy, Brookstone, Capital One, Citi, Disney Destinations, Home Shopping Network, JP Morgan Chase, Kroger, LL Bean Visa Card, McKinsey & Company, New York & Company, Ritz-Carlton Rewards, TiVo, US Bank, and Walgreens, among others.

While the exposed data -- email addresses and customer names -- isn't as sensitive as credit card or social security numbers, Epsilon's clients have nonetheless notified their customers.

The risk is that an attacker could craft a more convincing malicious message by leveraging the knowledge of the target's actual relationships with affected businesses, according to security firm Rapid7.

Capital One, for instance, said it had been notified about the breach and urged customers to be wary of targeted phishing attacks.

"Customers are reminded to ignore emails asking for confidential account or log-in information and remember that familiar looking links in an email can redirect to a fraudulent site," the company said. "If you get an email that claims to be from us but you aren't sure, or you think it's suspicious, don't click any of the links."

Brookstone, JP Morgan Chase, and TiVo have issued similar warnings, and presumably other Epsilon clients have as well.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Axle S
Axle S,
User Rank: Apprentice
8/10/2015 | 11:59:27 AM
Well all of this is interesting but keeping in
mind that people who go through all the trouble of
obtaining your personal information intend to use
it in illegal ways. Once one takes the risk of
breaking the law and committing a crime, there is
pretty much no way to protect yourself. All the
precautions in this blog may help against amateur
hackers, but in reality one's accounts and
passwords can be obtained in much simpler ways. I
have experience with computer viruses and
especially phishers and keyloggers and anyone
reading this article should understand that it is
almost impossible to stay 100% protected if you
engage in online banking or shopping using credit
card or other services such as Paypal. Any
skillful programmer will be able to tell you that
antivirus programs cannot detect all viruses and
some can be stealthy and you wont know anything
while every keystroke on your keyboard is being
electronically recorded and uploaded to someones
server. I only know of the ways I have come in
contact with to obtain access to someones
computer, but creative hackers are coming up with
newer and newer security breaches. Even a small
popup on your web browser could in reality launch
a stealthy virus of some sort on your computer.
All this might be frightening and most computer
users dont undersand the danger they put their
private information in when they for instance shop
online or check their bank accounts. There are an
unthinkable amount of ways to infect someones
computer but there is only a few ways to protect
oneself. Perhaps the best, but also somewhat
annoying and time consuming, is to install a
separate operating system on your computer to use
for banking and entering confidential information
such as credit card number to purchase something
from an electronic store. I recommend the [email protected]
User Rank: Apprentice
12/23/2013 | 9:14:35 PM
Hacking solutions

My team & I offer the best hacking services.We can hack or recover any email id,mobile phone,FACEBOOK & website servers & grant our clients access..We always provide proof before payment so you know you are not being ripped off.Send me a mail "[email protected]".We try to reply every client ASAP & execute the project in the quickest time-frame possible.

Need to obtain a lost email? Got that girlfriend that you are suspicious of cheating? The team at [email protected] can solve your problems and your email needs! Just send them an email.
User Rank: Apprentice
6/23/2012 | 7:11:32 AM
re: Epsilon Email Hack Exposes Bank, Business Customers
My team & I offer hacking services.We can hack/recover any email id,FACEBOOK & website servers & grant our clients access..We always provide proof before payment so you know you are not being ripped off.Send me a mail "[email protected]".We try to reply every client ASAP & execute the project in the quickest time-frame possible.
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.