E-mail marketing company Epsilon has had a database hacked, resulting in theft of email addresses and names of many of the company's corporate customers. The company's clients include JP Morgan, Kroger, Capital One, Citigroup and TiVo, reported Bloomberg.
Affected companies have reportedly investigated and have said that no sensitive personal information such as passwords or credit card numbers have been compromised. The hackers did gain names and e-mail addresses of the affected companies' customers. Live e-mail addresses can often be resold to online marketers for high prices.
JPMorgan and Kroger disclosed news of the breach yesterday. The data was managed by Epsilon, a Dallas-based provider of e-mail marketing services and a subsidiary of Alliance Data Services. Capital One and TiVo issued statements today. The information was gained by a person outside Epsilon, according to separate statements.
Jessica Simon, a spokeswoman for Epsilon, declined to say how many more companies might be affected, citing a continuing investigation. She said she didn’t have details on which law enforcement agencies might be involved in the probe.
Security blogger Paul Ducklin of computer security firm Sophos wrote that the breach may not be as harmless as Epsilon and its affected customers are saying. “Losing your email address to scammers and spammers is likely to mean a surge in spam to your account,” noted Ducklin.
But more seriously, “Losing your email address via a service to which you already belong makes it much easier for scammers to hit you with emails which match your existing interests, at least loosely. That, in turn, can make their fraudulent correspondence seem more believable,” he wrote.
Epsilon's other clients include Verizon, Hilton Hotels, Kraft Foods, Walgreens, Best Buy, Lacoste and AstraZeneca. As more and more companies are identified as Epsilon customers, the scope of the data theft is widening, and many analysts are already saying that it could be one of the biggest data breaches in U.S. history.
Epsilon said the breach occurred March 30.
Tracey Schelmetic is a contributing editor for TechZone360. To read more of Tracey's articles, please visit her columnist page.Edited by
Janice McDuffee