Epsilon: 'Biggest ever' data breach nets huge haul for spear phishers

Millions of pre-confirmed emails go missing

Epsilon announced the breach April 1, updating it yesterday to note the breach affected about two percent of its clients.

(Epsilon gets props for announcing the breach in a release on its website, rather than just telling its clients and ignoring potential victims among the public, or sending out a press release and then clamming up. Still, the announcement of a major security breach is about a third the length of the announcement a week earlier that it had hired two new execs to lead its retail marketing business. Priorities.)

Epsilon belongs to $2 billion/year Alliance Data Systems Corp, which runs customer-loyalty programs, retail customer-data-marketing services, and, through Epsilon, direct-email marketing campaigns for "over 2200 global brands such as Hilton Hotels, Verizon, New York & Company, Kraft, KeyBank, and AstraZeneca."

With verified emails, spammers or spear phishers can direct scams at actual customers and, if they put in the extra work, add personal-identity information from personal-data brokers or online-activity records to build more complete profiles of individual consumers in order to target them more specifically.

The breach is a warning to companies that use outside service providers for commercial email and other services, according to a GovInfoSecurity story on the potential liability of companies owning the stolen data.

Email address lists aren't considered as sensitive as financial or medical data, so they tend not to be as tightly secured in encrypted databases or high-security servers.
