Epsilon Email Hack Exposes Bank, Business Customers
Capital One, Brookstone, JP Morgan Chase, and TiVo have issued warnings to their customers, and presumably other Epsilon clients have as well.
10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
The email system of an online marketing firm serving many major consumer brands has been breached, prompting its clients to issue warnings to consumers.
Epsilon issued a statement on Friday saying that its email system had been accessed without authorization on March 30 and that a subset of its clients' customer data had been exposed.
"The information that was obtained was limited to email addresses and/or customer names only," the company said. "A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."
The marketing company's clients include Ameriprise Financial, Best Buy, Brookstone, Capital One, Citi, Disney Destinations, Home Shopping Network, JP Morgan Chase, Kroger, LL Bean Visa Card, McKinsey & Company, New York & Company, Ritz-Carlton Rewards, TiVo, US Bank, and Walgreens, among others.
While the exposed data -- email addresses and customer names -- isn't as sensitive as credit card or social security numbers, Epsilon's clients have nonetheless notified their customers.
The risk is that an attacker could craft a more convincing malicious message by leveraging the knowledge of the target's actual relationships with affected businesses, according to security firm Rapid7.
Capital One, for instance, said it had been notified about the breach and urged customers to be wary of targeted phishing attacks.
"Customers are reminded to ignore emails asking for confidential account or log-in information and remember that familiar looking links in an email can redirect to a fraudulent site," the company said. "If you get an email that claims to be from us but you aren't sure, or you think it's suspicious, don't click any of the links."
Brookstone, JP Morgan Chase, and TiVo have issued similar warnings, and presumably other Epsilon clients have as well.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024