Epsilon Email List Hack Could Lead to Spear Phishing, Experts Say

Add Your Comments

–- Online marketing firm Epsilon (www.epsilon.com) announced over the weekend that its database was breached by hackers last week, potentially affecting millions of banking and retail customers.

Though the names and email addresses of some customers were stolen, Epsilon maintains that “no other personal identifiable information associated with those names was at risk.”

In a statement posted on its website Monday, Epsilon said that “the affected clients are approximately 2 percent of total clients and are a subset of clients for which Epsilon provides email services.”

The breach is just the latest in a series of hacking attacks targeted at consumers in an attempt to attain their email records for more focused phishing scams.

The practice is known as “spear phishing”, where hackers target email addresses associated with a specific organization.

These cybercriminals can ultimately use this information to help them to create more authentic-looking emails in order to steal financial information or distribute malware software.

Hackers compromised the database of the Epsilon unit of Alliance Data Systems Corp, stealing some clients’ customer names and email addresses.

Epsilon sends 40 billion emails each year to many high-profile clients in the banking and retail sector, including seven of the 10 largest companies in the world.

The company has not yet determined a full list of which clients’ customer email addresses were affected, but Ameriprise Financial, Barclays Bank, Best Buy, Brookstone, Capital One, Citi, The College Board, Disney Destinations, Home Shopping Network, JPMorgan Chase, Kroger, LL Bean Visa Card, Marriott Rewards, McKinsey & Company, New York & Company, Ritz-Carlton Rewards, Target, TiVo, US Bank, and Walgreens have already contacted their customers to alert them about the breach.

Hilton Hotels and Ethan Allen are also believed to be affected by the breach.

Add Your Comments

  • (will not be published)