Epsilon Email List Hack Could Lead to Spear Phishing, Expert

Online marketing firm Epsilon (www.epsilon.com) announced over the weekend that its database was breached by hackers last week, potentially affecting millions of banking and retail customers.

Though the names and email addresses of some customers were stolen, Epsilon maintains that "no other personal identifiable information associated with those names was at risk."

In a statement posted on its website Monday, Epsilon said that "the affected clients are approximately 2% of total clients and are a subset of clients for which Epsilon provides email services."

The breach is just the latest in a series of hacking attacks targeted at consumers in an attempt to attain their email records for more focused phishing scams.

The practice is known as "spear phishing", where hackers target email addresses associated with a specific organisation.

These cybercriminals can ultimately use this information to help them to create more authentic-looking emails in order to steal financial information or distribute malware software.

Hackers compromised the database of the Epsilon unit of Alliance Data Systems Corp, stealing some clients' customer names and email addresses.

Epsilon sends 40 billion emails each year to many high-profile clients in the banking and retail sector, including seven of the 10 largest companies in the world.

The company has not yet determined a full list of which clients' customer email addresses were affected, but Marks & Spencer, Barclays Bank, Best Buy, Capital One, Citi, Disney Destinations, JPMorgan Chase, Marriott Rewards, McKinsey & Company, and Ritz-Carlton Rewards have already contacted their customers to alert them about the breach.

print this article

Return to security news headlines
View Security News Archive

Share with: