Massive Email Security Breach at Epsilon

Curtis Blount

Epsilon, one of the world’s largest email marketing services companies and marketing unit of Alliance Data Systems Corp., announced on April 1 that an outside intrusion had hacked into some of its customer files. Epsilon sends e-mail campaigns and offers to consumers who register for a company's website or who give their e-mail addresses while shopping. Epsilon sends more than 40 billion e-mails annually and also runs loyalty programs for many large companies. Epsilon's databases house consumer information cybercriminals could use for targeted phishing, better known as spear phishing, attacks. 

At this point, it is unclear to the depth of this attack. What is known is the stolen data is limited to email addresses and possible user names associated with those email addresses. However, email addresses in the wrong hands can be dangerous, since it will likely give rise to more “phishing” scams where scammers email you to try to get you to reveal more personal information. This is a massive breach with other companies to probably announce email attacks as well.

Following best industry practices, we recommend that you:

• Remain alert to any unusual or suspicious emails requesting your personal information.
• Never provide your login ID or password requested through email.
• Do not provide or confirm any information, including credit card numbers requested through email.
• Be caution when opening links or attachments from unknown senders.
• Delete any emails requesting personal information.

Epsilon, one of the world’s largest email marketing services companies and marketing unit of Alliance Data Systems Corp., announced on April 1 that an outside intrusion had hacked into some of its customer files. Epsilon sends e-mail campaigns and offers to consumers who register for a company's website or who give their e-mail addresses while shopping. Epsilon sends more than 40 billion e-mails annually and also runs loyalty programs for many large companies. Epsilon's databases house consumer information cybercriminals could use for targeted phishing, better known as spear phishing, attacks.

At this point, it is unclear to the depth of this attack. What is known is the stolen data is limited to email addresses and possible user names associated with those email addresses. However, email addresses in the wrong hands can be dangerous, since it will likely give rise to more “phishing” scams where scammers email you to try to get you to reveal more personal information. This is a massive breach with other companies to probably announce email attacks as well.

Following best industry practices, we recommend that you:

• Remain alert to any unusual or suspicious emails requesting your personal information.
• Never provide your login ID or password requested through email.
• Do not provide or confirm any information, including credit card numbers requested through email.
• Be cautious when opening links or attachments from unknown senders. 
• Delete any emails requesting personal information.