Epsilon, a Dallas-based company that manages email communications for some banking institutions and large retailers, was the brunt of a security breach over the weekend by hackers seeking to steal email addresses.
Several companies, about a dozen in total, suspect hackers may have obtained email addresses and customer names from Epsilon's system. Epsilon is responsible for management of email addresses belonging to several large companies such as Capital One Financial Corp, U.S. Bancorp, Citigroup Inc, JPMorgan Chase & Co., Best Buy Co., Kroger Co., TiVo Inc., and Walgreen Co.
Epsilon has said that no other customer information, besides emails and customer names, was exposed in the breach. We suspect that the emails may be used as targets of spam messages from malicious hackers. Furthermore, these emails could be the source for future malware and phishing scams which is why many of the effected companies such as Disney Destinations, Walt Disney Co.'s travel subsidiary, has already sent emails warning customers of the situation over the weekend.
To better understand the magnitude and potential issues that may result in this breach, try to fathom one company (Epsilon) that sends out over 40 billion emails a year. That's a lot of email messages which means a lot of potential victims. Not to mention, the companies that Epsilon manages email communications for accounts for over 2,500 clients in total.
Having hackers on the loose armed with the emails of large retailers and banking establishments could spark an excessive amount of specially targeted phishing attacks. If you think like a hacker for a moment, you would realize that sending a JPMorgan Chase & Co. targeted spam email to a JPMorgan Chase & Co. customer would tremendously increase the chances of tricking them into relinquishing personal or financial information. Sometimes it is just that simple. Moreover, having an email address belonging to a specific company's consumer may make the job of obtaining account login information almost effortless for an ingenious hacker.
Although the Epsilon breach only accounted for theft of email addresses and customer names, the possibilities are still virtually endless considering how hackers may utilize the stolen information. Computer users, regardless of association with Epsilon managed email communications, should always be skeptical of suspicious email messages.
In an effort to help our readers avoid spam and phishing emails, you may view our exclusive post on "How to Identify Potentially Harmful Spam Emails".
The CNN exclusive video below reiterates the depth of the Epsilon breach and how millions of computer users should be on the lookout for phishing email scams.
Have you received any emails from one of the before-mentioned companies in regards to the Epsilon breach?