photo © 2006 Gene Tew | more info (via: Wylio)In case you haven’t already received the ominous sounding email, data held by email marketing firm Epsilon was compromised earlier this week – the hack apparently executed by one person.
The breach, which keeps broadening in scope as more companies inform their customers, has thus far affected these top brands: TiVo, Walgreens, US Bank, Disney, JPMorgan Chase, Capital One, Citi, Home Shopping Network, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, and The College Board.
The notification emails each brand has been sending their customers is some version of the below.
We have been informed by Epsilon, the vendor that sends email to you on our behalf, that your e-mail address may have been exposed by unauthorized entry into their system.
Epsilon has assured us that the only information that may have been obtained was your first and last name and e-mail address. REST ASSURED THAT THIS VENDOR DID NOT HAVE ACCESS TO OTHER MORE SENSITIVE INFORMATION SUCH AS SOCIAL SECURITY NUMBER OR CREDIT CARD DATA.
Please note, it is possible you may receive spam e-mail messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.
In keeping with standard security practices, the College Board will never ask you to provide or confirm any information, including credit card numbers, unless you are on a secure College Board site.
Epsilon has reported this incident to, and is working with, the appropriate authorities.
We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
The College Board
Epsilon is assuring its customers that “only” email addresses and customer names were revealed in the breach but that’s actually not so reassuring. The ability to target spam emails to specific people leaves those affected by the attacks more vulnerable to phishing scams. People are more likely to trust something that looks like legitimate, direct communication. Again: Put on your thinking cap before you give anyone sensitive information like a password or social security number online.
The world’s largest email marketing service, Epsilon sends 40 billion emails a year and manages the customer email database for 2,500 clients according to Security Week. It is currently investigating the incident according to its own announcement.