SAN FRANCISCO, 5 APRIL 2011 - A data breach at e-mail marketer Epsilon, the sort of company that doesn't usually make the tech headlines, has put at risk millions of users, security experts have warned. Customers of big companies such as Citibank, JPMorgan Chase, Target and Walgreens were affected, and now may be at increased risk of e-mail swindles.
An increase in e-mail spam and phishing attacks is expected against victims of the Epsilon breach. The attacks could also be more convincing because they can address targets by name. This leads to several as-yet-unanswered questions:
Why Did Epsilon Have Your E-Mail?
Most e-mail marketing comes from a company you agreed to receive promotional messages from, but most consumers have no idea these services are subcontracted to companies like Epsilon, which sent around 40 billion e-mails last year. Someone hacked into Epsilon's systems and took millions of e-mail addresses and names from the customer data of some of the company's 2,500 clients. The list of customers is quite extensive, including Marriott Rewards, TiVo, Capital One, and Home Shopping Network.
But in the secretive world of consumer database collection and third-party services, shouldn't retailers let customers know someone else stores (and is liable to lose) their private data? MSNBC's Bob Sullivan debates this issue at large.
How Did the Breach Occur?
Information on the breach is scarce. Epsilon says it happened some time on March 30, but it's unknown who was behind the breach or what its specific purpose was. BusinessWeek suggests the information was gained by a person outside Epsilon, while the company insists no personal identification or credit card details were compromised.
What Can Be Accomplished with Stolen E-Mails?
Bruce Schneier, chief security technology officer at BT Group Plc, told Bloomberg that the hackers can't do much with the information. He suggests that some companies will look like they are sending spam when they aren't. But The New York Times reports that this might be the biggest breach ever, and that it could lead to phishing for data from unsuspecting customers.
How Do I Protect Myself?
Companies affected by the Epsilon breach are sending e-mails to customers telling them that their e-mail details have been compromised (like this one from Best Buy). But the whole point of the data breach seems to be to make targets believe they were sent a genuine e-mail from a company. Novice users won't go to the trouble of examining the header of each potentially suspicious e-mail, which puts them at even greater risk. Experts have yet to decide the best way to advise users to protect themselves after this breach. However, a healthy dose of caution and skepticism can always help.