SINGAPORE, 7 APRIL 2011 - As about 50 companies were affected by a major security breach at e-mail service provider Epsilon Interactive, it is not yet clear how many of Epsilon's Asian customers have been affected.
Epsilon had reported the breach on Friday. The company reported on Monday (4 April) that "approximately two percent of total clients" -- about 50 businesses -- were hit, including many big name US banks and retailers.
According to a report published by The South China Morning Post, the breach appears to have compromised the names and online addresses of customers of many large companies in Hong Kong and on the mainland (China).
Epsilon has about 2,500 corporate customers worldwide and sends more than 40 billion e-mails annually. The report said that it has had operations in China for 10 years, with offices in Hong Kong, Guangzhou, Shanghai and Beijing. In the region, it has offices in Singapore, Sydney and Melbourne.
Asian customers in the dark?
"But so far affected companies in Hong Kong have yet to pass on the information to their customers," the paper reported. It further said in its report that according to a spokeswoman at Hong Kong's Office of the Privacy Commissioner for Personal Data, companies in the city "have no legal obligation to report a data breach".
According to SCMP, Rik Kirkland, senior managing editor at McKinsey, said in an electronic message sent to a Hong Kong subscriber of the McKinsey Quarterly: "We have been assured by Epsilon that the only information that was obtained was your first name, last name and e-mail address and that the files that were accessed did not include any other information."
Computerworld Singapore tried to guage the reaction of some of Epsilon's customers in the region after the data breach incident became a hot story. One media company that uses Epsilon's email services declined to comment. “This enquiry has come to the attention of ZUJI Singapore, who has ceased using Epsilon for its email marketing services,” said a Zuji Singapore spokesperson.
Australia's Financial Review reported yesterday that computermaker Dell has warned its Aussie customers that they could become the target of email scams as a result of the Epsilon breach.
Epsilon's Asia Pacific website still does not have any specific announcement or advice on this breach. In response to our query, an Epsilon's spokesperson sent us this reply: "We have posted a statement on our website (below). As we conduct a full investigation and work closely with authorities, we are unable to comment any further. I cannot provide any details about the impacted or non-impacted clients." She was referring to the statement posted on the company's US website on 1 April and a two line update on 4 April.
Sign up for CIO Asia eNewsletters.