The news this week of the colossal breach at marketing services provider Epsilon is another reminder about how easy it is for your customer’s information to be compromised. You may not have heard of Epsilon, or on the flip side your company may be one of the organization’s 2500 clients, entrusting them as your firm’s permission-based email provider. But by now you have probably heard about what is being called the largest name and email breach in the history of the Internet.
Epsilon is the world’s largest company of its kind, sending out 40 billion emails annually and working with seven of the Fortune 10 to manage customer databases. The recent breach is estimated to have compromised 2% of Epsilon’s client base, or 50 brands, so one way or another there’s a good chance that you may have been affected by this data disaster; either professionally, as a client, or personally, as a customer yourself of one of the many major brands they represent (ranging from Citi to Kroger to US Bank, JP MorganChase, Best Buy, Target, and the list goes on.)
The media coverage over this incident has exploded in a firestorm. Epsilon and its parent company, Alliance Data Systems Corporation, have assured their clients that the breach only compromised customer names and email addresses, not financial or other sensitive data. This information has in turn been conveyed to millions of affected customers by the trusted – but breached – brands that held their information, via legions of apologetic emails that have flooded the cyberwaves in the past week. The emails have also come with important warnings: names and emails alone are sufficient data to launch targeted spear-phishing – that are more likely to be successful since they address targets by name and understand their relationship with a given brand. Indeed, given that some experts believe the Epsilon breach may be the largest ever, sophisticated v in the coming weeks.
Whether it’s this breach or future ones, cybersharks are always circling the waters around your clients, so help your customers understand how to protect themselves from spear-phishing.
“We encourage people to use caution when opening email that appears to be from their bank, financial institution or the IRS, especially in light of recent targeted attempts by fraudsters to steal people’s sensitive information,” said Jennifer Leuer, general manager of Experian’s ProtectMyID. “It’s always best to not click on links or open unsolicited emails, rather, visit websites directly by typing the exact name into the URL and contact the organization’s customer service department to inform them of the potential phishing activities if you receive a suspicious email. It only takes a second, but could protect you from the hassle of identity theft.”