Stock Plummets as Epsilon Breach Rears Ugly Head

When will corporations learn? I received 6 data breach emails yesterday because of the Epsilon’s lack of security.

Have you been inundated with more spam and phishing emails recently? If so, it may be due to one of the largest email and data breaches in Internet history. Epsilon is one of the world’s largest providers of marketing-email services and they handle more than 40 billion emails annually and more than 2,200 global brands.

Epsilon issued the following statement: “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only.”

The following companies have already sent out warnings (like those below) to their companies: Best Buy, Capital One, JPMorgan, Citibank, Kroger, Barclays Bank of Delware, Visa, American Express, US Bank, TiVo Inc. and Walgreen Co, Robert Half, Kraft, Home Shopping Network, QFC, Marriott Rewards, Ritz-Carlton Rewards, Ameriprise Financial, LL Bean Visa Card, Brookstone, Dillons, the College Board, McKinsey & Company, New York & Company, Disney Vacations, Staples, TIAA-CREF, Verizon, Borders, Smith Brands, Abe Books, Lacoste.

While the statement above says that only names and emails were compromised, experts are saying that both Marriott Rewards and Ritz-Carlton Rewards had member rewards points disclosed, along with names and e-mail addresses. This could give scammers more leverage when they attempt a targeted campaign. The Epsilon data breach not only exposed names, information and e-mails of its clients’ customers, but sent its stock down nearly 7 percent before the news was even hours old.

The stolen information will allow scammers to send authentic-looking email messages that appear to come from a bank or other business with whom the user has an existing relationship. The emails will try to trick people into parting with information such as their usernames and passwords for bank accounts or other online accounts, or they could try to trick people into downloading malware on to their systems. People who don’t fall for such scams should be fine. (ComputerWorld)

So how do you know if you have been affected by this massive breach? Watch out for emails (like the ones I received for being a customer of the institutions below) alerting you to the breach. But observe the following precautions:

Be on the lookout for sophisticated phishing emails that seem to be sent from your bank or other financial institution. Now that the bad guys have your name AND email address, they can make them very authentic and already know that you bank with that particular institution.
Keep software protection updated.
Don’t click on any links within the breach emails you receive, as scammers will undoubtedly send phishing versions in the name of data security to extract even more data out of you. Always retype the known website address (www.USBank.com) into the toolbar. You can also move the mouse over the link to see if the domain name matches the company.
Make sure that all websites you visit start with https (which signals that it is a secure connection – not a perfect indicator, but better than nothing).
Don’t give out any sensitive information out via email and be wary about giving it out over the phone.
If you are ever unsure call the number listed on the company website.

These companies will start to lose customers because of the Epsilon breach, and Epsilon will begin to lose stock value and reputation within the industry. Can you imagin a corporation trusting them with their private data again?

John Sileo speaks and consults to clients about information leadership, including identity theft, social media exposure and reputation management. His clients include the Department of Defense, Pfizer, Blue Cross and Homeland Security. Learn more about bringing John to your organization at www.ThinkLikeASpy.com.