On the 1st April 2011 Epsilon reported on their website “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”
Whilst there is no immediate financial risk to those individuals who have had their name and email address stolen there is the risk of their information being used for Spam and phishing attacks.
Epsilon is one of the world’s largest “provider of multi-channel marketing services” and claims to have 2,500 clients, including 7 of the Fortune 10. These clients in the words of Epsilon “trust Epsilon to build and host their customer databases”.
It is believed that Best Buy, TiVo, Walgreens, Capital One, JP Morgan, Citigroup and Kroger are among the 2,500 clients of Epsilon who are likely to have been affected.
It is expected that Epsilon’s clients will issue warnings about the lose of data. This in itself will be part of the problem, because as businesses seek to protect their reputations they will become spammers by sending unwanted emails.
The there is the potential for the hackers to introduce phishing attacks disguised as the legitimate business trying to protect their brand, for example, “sorry we lost your information, can you please update your details here…”
Epsilon’s press release is here.
