Epsilon Email Hack Exposes Bank, Business CustomersEpsilon Email Hack Exposes Bank, Business Customers
Capital One, Brookstone, JP Morgan Chase, and TiVo have issued warnings to their customers, and presumably other Epsilon clients have as well.
April 4, 2011
10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
The email system of an online marketing firm serving many major consumer brands has been breached, prompting its clients to issue warnings to consumers.
Epsilon issued a statement on Friday saying that its email system had been accessed without authorization on March 30 and that a subset of its clients' customer data had been exposed.
"The information that was obtained was limited to email addresses and/or customer names only," the company said. "A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."
The marketing company's clients include Ameriprise Financial, Best Buy, Brookstone, Capital One, Citi, Disney Destinations, Home Shopping Network, JP Morgan Chase, Kroger, LL Bean Visa Card, McKinsey & Company, New York & Company, Ritz-Carlton Rewards, TiVo, US Bank, and Walgreens, among others.
While the exposed data -- email addresses and customer names -- isn't as sensitive as credit card or social security numbers, Epsilon's clients have nonetheless notified their customers.
The risk is that an attacker could craft a more convincing malicious message by leveraging the knowledge of the target's actual relationships with affected businesses, according to security firm Rapid7.
Capital One, for instance, said it had been notified about the breach and urged customers to be wary of targeted phishing attacks.
"Customers are reminded to ignore emails asking for confidential account or log-in information and remember that familiar looking links in an email can redirect to a fraudulent site," the company said. "If you get an email that claims to be from us but you aren't sure, or you think it's suspicious, don't click any of the links."
Brookstone, JP Morgan Chase, and TiVo have issued similar warnings, and presumably other Epsilon clients have as well.
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023