On March 30th, Epsilon, a major e-mail marketing services provider experienced a security breach that compromised the customer data of some of the businesses that utilize Epsilon for their e-mail marketing needs. The breach affects over 90 high profile companies including but not limited to drugstore chain Walgreens, electronics chain Best Buy, communications provider Verizon, a number of financial services companies including Capital One, Citibank, JP Morgan Chase, Barclaycard, hotel chain Marriott, bookseller AbeBooks, sports apparel dealer Lacoste and retail supermarket chain Kroger. You can view the link at the end for an up to date list of companies affected.
Epsilon reports that while customer names and email addresses have been exposed, no sensitive personal data was compromised. In the days and months ahead, it is anticipated that spammers and cyber criminals will attempt to exploit the trusted relationships customers may have with companies that use Epsilon for their email marketing needs. Affected companies are urging users to be wary of incoming emails that ask for account updates, as they may be phishing scams. There are already websites that have appeared purporting to represent Epsilon that claim to allow people to find out if they have been affected. These are fake sites and are intended to trick individuals into downloading malicious software.
If you conduct business with any of the impacted firms and have provided them with your email address, you should be on the lookout for communication from these businesses providing details and information about this breach of their data. Please note that any correspondence with affected companies should not ask to the customer to confirm or provide any information.
While targeted phishing attacks are likely to increase as a result of this breach, it is important that users are always vigilant for phishing attacks and understand how to recognize a phishing attempt and what users can do to protect yourself and minimize the likelihood of getting phished. The tips below will help you stay safe.
MS-ISAC Newsletter on Phishing:
FTC’s Identity Theft Website:
NCCIC Advisory on Targeted Phishing Attacks:
AntiPhishing Work Group:
Brought to you by: