The Epsilon e-mail breach has escalated into a “massive breach,” according to SecurityWeek blogger Mike Lennon.
One of Epsilon’s clients, grocery chain The Kroger Co., subsequently notified its customers that the database had been breached, and urged its customers to be wary of e-mail from senders they did not know. Later, it was revealed that JPMorgan Chase, Capital One, Marriott Rewards, McKinsey Quarterly, US Bank, Citi, Ritz-Carlton Rewards, Brookstone, Walgreens, The College Board, and the Home Shopping Network (HSN) had joined the ranks.
SecurityWeek notes that while the information harvested may seem like a “minor threat” — after all, it’s just e-mail addresses — targeted phishing messages to these customers are likely to yield a higher “hit rate” than a blind spamming campaign. In other words, people are much more likely to click on an e-mail (or link within an e-mail) that addresses them by name and purports to be from Citi Bank (especially when Citi Bank is the bank they use) than they are to click on an e-mail that addresses them as “Big Guy” and purports to be from a male “growth” company.
In some cases, more than just e-mail addresses and names were disclosed — Ritz-Carlton Rewards had member rewards points disclosed, along with names and e-mail addresses. This could give scammers more leverage when they attempt a targeted campaign.
If you subscribe to e-mail marketing from any of these brands, never fear — you’re in no danger as long as you keep an eye out for e-mail from senders you don’t know, and don’t send any sensitive information (such as credit card or banking info) to “companies” via e-mail. It’s also a good idea not to open any attachments unless you personally know who’s sending you the e-mail and what the attachment is.
Follow Sarah on Twitter (@geeklil) or at sarahpurewal.wordpress.com and Today @ PCWorld on Twitter.