NEW YORK (AP) -- With the possible theft of millions of consumer email addresses from an advertising company, several large companies have started warning customers to expect fraudulent emails that try to coax account login information from them.
A dozen companies said over the weekend that hackers may have learned their email addresses because of a security breach at a Dallas-based company called Epsilon that manages email communications.
Among the affected companies are banks like Capital One Financial Corp., Barclays Bank, U.S. Bancorp, Citigroup Inc. and JPMorgan Chase & Co., and retailers like Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.
The College Board, the not-for-profit organization that runs the SATs, also warned that a hacker may have obtained student email addresses.
Walt Disney Co.'s travel subsidiary, Disney Destinations, sent emails warning customers on Sunday.
Epsilon said Friday that its system had been breached, exposing email addresses and customer names but no other personal information.
The email addresses could be used to target spam. It's also a standard tactic among online fraudsters to send emails to random people, purporting to be from a large bank and asking them to log in at a site that looks like the bank's site. Instead, the fraudulent site captures their login information and uses it to access the real account.
The data breach could make these so-called "phishing" attacks more efficient, by allowing the fraudsters to target people who actually have an account with the bank.
Epsilon sends more than 40 billion emails annually and has more than 2,500 clients.
1 Comment
Jason Rines
Caged environments with data security monitoring software are what Epsilon should have had and didn't. While such security software cannot prevent the theft of the data, having it in the first place discourages this kind of theft. I am fairly certain this is an inside job.
Data theft is a form of embezzlement and back in 2005 or 2006, new laws were passed making sensitive theft of consumer data a felony. Whoever did this will be doing a few years in the steel pagoda. Prior to the year mentioned, the risk was worth the reward for an employee to steal the data, sell it for a couple hundred thousand dollars and even if caught only do a few months in jail. Also, with a felony this individual won't be getting another job in the U.S. indefinitely. Not very smart.
Another process to prevent this kind of theft is to have only one individual have access to the master database and that manager has a PGP encryption key for the server the data is located on which is nearly impossible to crack. The data remains offline without any connection to the Internet, except on each necessary operation that is made. While this process adds some slight costs, it would also have prevented the theft from occurring.