Epsilon e-mail hack: What you need to know

Epsilon's e-mail database was breached last week -- here's what you need to be on the lookout for.

By Jared Newman, PC World |  Security, email security, epsilon

Names and e-mail addresses fell into the wrong hands last week, when Epsilon suffered a data breach affecting at least 19 of its client companies. It may sound scary, but don't panic. Here's what you need to know about the Epsilon e-mail hack:

What is Epsilon?

Epsilon is the world's largest permission-based e-mail marketer. Other companies, such as Best Buy, use Epsilon to send promotions or other e-mails to their customers. Naturally, the company has access to a lot of e-mail addresses.

What happened?

On March 30, an unauthorized party gained entry into Epsilon's system and accessed e-mails and customer names for a subset of Epsilon clients. If you're a customer of one of these clients, there's a chance that some hacker now knows your name and e-mail address.

Who is affected?

Epsilon won't specify which of its 2,500 clients were affected, or how many customers' e-mails were stolen, but SecurityWeek has put together the following list: Kroger, TiVo, US Bank, JPMorgan Chase, Capital One, Citi, Home Shopping Network, Ameriprise Financial, LL Bean Visa Card, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens, The College Board, Disney Destinations, Best Buy, and Robert Half Technologies.

What's the risk for people who use any of these services?

You may notice an increase in e-mail spam and phishing attacks, which aim to gather passwords and other sensitive information from their targets. Due to the nature of the Epsilon breach, these attacks may address their targets by name, making them more convincing.

Was any other information exposed? Should users change all their passwords and cancel their credit cards?

No. According to Epsilon, no other personal information was exposed besides e-mails and names. Law enforcement and individual companies are doing their own investigations, but unless you've got a really stupid password, your money should be safe.

What can customers do?

Originally published on PC World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question