Monday, April 4, 2011
Epsilon, the largest global online marketing company, which manages communications for a number of the biggest international firms in the world, announced that it suffered a breach of its e-mail system on March 30th, resulting in the theft of data on millions of customers. It is said to be the largest data theft in history.
"On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system," Epsilon said.
Epsilon sends out an estimated 40 billion permission-based emails yearly on behalf of its 2,500 clients and brands, which include some prominent names such as Citi, JPMorgan Chase, Capital One, Marriott Rewards, TiVo, Walgreens, McKinsey, and Kroger. It was initially believed that the breach had affected only customers of Kroger, but more companies are likely affected, as more of them confirm that their data was stolen as well. Clients of Epsilon have already begun to take steps to protect their customers by warning them of potential fraudulent emails.
"The information that was obtained was limited to email addresses and/or customer names only," claims Epsilon, and though this may be true, it is all the information a hacker needs to obtain more sensitive information by sending phishing emails to subscribed customers. Scams such as this have high success rates as they prey on gullible and uninformed users.
How does it work? Simple.
Take this scenario as an example. SJ, a customer of company XYZ, subscribes to receive email notifications of their promotions. She receives an email with the latest products available, and clicks on a link assuming it will take her to the information page for a product she is interested in. What she is unaware of is this - it is a fraudulent email, and clicking on that link takes her to a hoax page where she is prompted to enter her personal information. As she is oblivious to this deception, she submits her details, falling into the scammer's trap.
There are other, simpler ways too. Such emails could carry a virus that infects a user's computer when the user simply opens the email.
It is highly important that you are cautious about to whom, and where, you give your personal information; how your personal information is handled; and what security is in place to protect it. A reputable company, and one that values its customers' privacy, will inform you of its data processing practices. It is their legal duty. You will find this in their Privacy Statement - if they do not have one, be wary. You are, by law, empowered to query such companies, and their third parties, on the type and purpose of information kept about you. You have the right to access your information, and to request that this information be deleted where necessary.