April 04, 2011, 4:54 PM — Names and e-mail addresses fell into the wrong hands last week, when Epsilon suffered a data breach affecting at least 19 of its client companies. It may sound scary, but don't panic. Here's what you need to know about the Epsilon e-mail hack:
What is Epsilon?
Epsilon is the world's largest permission-based e-mail marketer. Other companies, such as Best Buy, use Epsilon to send promotions or other e-mails to their customers. Naturally, the company has access to a lot of e-mail addresses.
On March 30, an unauthorized party gained entry into Epsilon's system and accessed e-mails and customer names for a subset of Epsilon clients. If you're a customer of one of these clients, there's a chance that some hacker now knows your name and e-mail address.
Who is affected?
Epsilon won't specify which of its 2,500 clients were affected, or how many customers' e-mails were stolen, but SecurityWeek has put together the following list: Kroger, TiVo, US Bank, JPMorgan Chase, Capital One, Citi, Home Shopping Network, Ameriprise Financial, LL Bean Visa Card, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens, The College Board, Disney Destinations, Best Buy, and Robert Half Technologies.
What's the risk for people who use any of these services?
You may notice an increase in e-mail spam and phishing attacks, which aim to gather passwords and other sensitive information from their targets. Due to the nature of the Epsilon breach, these attacks may address their targets by name, making them more convincing.
Was any other information exposed? Should users change all their passwords and cancel their credit cards?
No. According to Epsilon, no other personal information was exposed besides e-mails and names. Law enforcement and individual companies are doing their own investigations, but unless you've got a really stupid password, your money should be safe.
What can customers do?