Is Epsilon Breach Really All That Bad?

Lora Bentley

We first heard about the data breach at Epsilon over the weekend, when the company posted a brief notice on its website, which said, in part:

On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only.

Though the company has not offered an official list of clients whose customer data was compromised, Security Week and other publications have been maintaining an updated list. It currently boasts 36 companies, including Kroger, Target, Walgreens, Citi, JPMorgan Chase and The breach impacted only 2 percent of Epsilon's total clients, the company said.


In an email, Epsilon spokesperson Jessica Simon noted the company could not discuss which clients were impacted and which were not, or how many email addresses were potentially compromised. She also reiterated that only customer names and email addresses were exposed; passwords and account numbers are not at risk.


"We are conducting a full investigation and working closely with authorities," Simon told me.


Given the dearth of information provided by Epsilon, security experts are popping up left and right to speculate as to how the hackers got in, as well as what the breach might mean to those of us whose information was exposed. Not surprisingly, opinions run the gamut. Dr. Hongwen Zhang, CEO of Wedge Networks, said in a statement:

With most of humanity using the Internet for communication and decision making, potential damage from this breach is enormous ... There are already many examples of large-scale phishing attacks with the messages tailored to each individual. ...

On the other end of the spectrum, however, sits Perimeter E-Security CTO Andrew Jaquith. In a blog post, Jaquith wrote:

[S]pam happens. Just make sure that your employees and colleagues don't blindly click on attachments they shouldn't, or blindly click on links embedded in email. Take this incident as an opportunity to reinforce your security policies. But don't worry too much.

He calls the hack "very small beer." I think he's right.

Apr 8, 2011 3:36 AM Alissa F says:

This is one of the activities of the hackers. I can't imagine how they do these but as you can see they are the ones who are giving us problems. According to them, companies doing business with Epsilon started warning consumers Monday to be on the alert for phishing emails trying to steal financial institution account numbers and other personal information. I found this here: Epsilon database hack exposes million to phishing attacks

I hope these can be resolved sooner because all of us are really affected by this. Is it really important for them to ruin one's life? I wish I could do things to stop this because everyone is worried about these recent issues.

