E-mail marketer Epsilon reveals client’s email addresses for numerous companies.
As many of you may have already heard, e-mail marketing company EpsilonĀ announced that their servers were compromised and that hackers obtained client’s customer data. This data supposedly only includes customer’s names and email addresses. Many of you may be thinking that it does not affect you as you are not a client of Epsilon, but as the list of companies that are a client of Epsilon grows, there is a good chance that you are a client of at least one of their customers.
The total amount of companies that have been affected is not currently known, but the current list is long. The known companies whose information have been accessed include Barclay USA, Disney Destinations, Capital One, Fry’s, Marriott Rewards, Ritz Carlton, Best Buy Rewards Zone, Walgreens, TiVo, Home Shopping Network, JP Morgan Chase, McKinsey Quarterly, New York & Co., and The Kroger Co. These companies have already started to send out emails to their customers explaining that their information has been accessed and to be wary of any emails from them that request personally identifiable information or financial information.
Now you may be wondering what this means to you? On one hand, it may mean nothing and you have nothing to fear. On the other hand, this information may be used to launch Spear Phishing campaigns against the customers of the companies whose data was stolen. A phishing campaign is one where fake emails that impersonate a company are sent to various emails in order to trick recipients into revealing personally identifiable or financial information. Spear Phishing is different because the targets are highly targetted based upon information that the criminals already know about you. As the hackers already have your name and email, these phishing attempts may be highly specific to you and therefore the emails may seem more believable when you receive them
With this said, if you receive any emails from the above companies, or any other company for that matter, that state that they need you to update your password or provide personal information, please do not do so. Instead go to the companies website and contact them on the phone numbers given there to confirm if the email is legitimate. Do not contact them via any email addresses or phone numbers that may be present in the email as they may be fake. Once you call the companies directly and determine if the information they requested is legitimate, you can then provide whatever information they need over the phone.