Help your users understand what to do if their personal information has been compromised.
On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only.
Though the company has not offered an official list of clients whose customer data was compromised, Security Week and other publications have been maintaining an updated list. It currently boasts 36 companies, including Kroger, Target, Walgreens, Citi, JPMorgan Chase and 1-800-flowers.com. The breach impacted only 2 percent of Epsilon's total clients, the company said.
In an email, Epsilon spokesperson Jessica Simon noted the company could not discuss which clients were impacted and which were not, or how many email addresses were potentially compromised. She also reiterated that only customer names and email addresses were exposed; passwords and account numbers are not at risk.
"We are conducting a full investigation and working closely with authorities," Simon told me.
Given the dearth of information provided by Epsilon, security experts are popping up left and right to speculate as to how the hackers got in, as well as what the breach might mean to those of us whose information was exposed. Not surprisingly, opinions run the gamut. Dr. Hongwen Zhang, CEO of Wedge Networks, said in a statement:
With most of humanity using the Internet for communication and decision making, potential damage from this breach is enormous ... There are already many examples of large-scale phishing attacks with the messages tailored to each individual. ...
On the other end of the spectrum, however, sits Perimeter E-Security CTO Andrew Jaquith. In a blog post, Jaquith wrote:
[S]pam happens. Just make sure that your employees and colleagues don't blindly click on attachments they shouldn't, or blindly click on links embedded in email. Take this incident as an opportunity to reinforce your security policies. But don't worry too much.
He calls the hack "very small beer." I think he's right.