We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Epsilon E-Mail Breach: 4 Unanswered Questions

We still don't know how the breach happened and what hackers hope to accomplish.

A data breach at e-mail marketer Epsilon, the sort of company that doesn't usually make the tech headlines, has put at risk millions of users, security experts have warned. Customers of big companies such as Citibank, JPMorgan Chase, Target and Walgreens were affected, and now may be at increased risk of e-mail swindles.

An increased number of e-mail spam and phishing attacks are expected on victims of the Epsilon breach. The attacks could be more convincing because they are targeted by name, too. Which leads to several, yet-unanswered questions:

Why Did Epsilon Have Your E-Mail?

Most e-mail marketing comes from a company you agreed to receive promotional messages from; most consumers have no idea these services are subcontracted to companies like Epsilon, which sent around 40 billion e-mails last year. Someone hacked into Epsilon's systems and took millions of e-mail addresses and names from some of the company's 2,500 client customer data. The list of customers is quite extensive, including Marriott Rewards, TiVo, Capital One, and Home Shopping Network.

But in the secretive world of consumer database collection and third-party services, shouldn't retailers let customers know someone else stores (and is liable to lose) their private data? MSNBC 's Bob Sullivan debates this issue at large.

How Did the Breach Occur?

Information on the breach is scarce. Epsilon says it happened some time on March 30, but it's unknown who, or for what specific purpose the breach happened. BusinessWeek suggest the information was gained by a person outside Epsilon, while the company insists no personal identification or credit card details were compromised

What Can be Accomplished with Stolen E-Mails?

Bruce Schneier, chief security technology officer at BT Group Plc, told Bloomberg that the hackers can't do much with the information. He suggests that some companies will look like they are sending spam when they aren't. But The New York Times reports that this might be the biggest breach ever, and that it could lead to data phishing from inconspicuous customers.

How Do I Protect Myself?

Companies affected by the Epsilon breach are sending e-mails to customers telling them that their e-mail details have been compromised (like this one from Best Buy). But the whole point of the data breach seems to be to make targets believe they were sent a genuine e-mail from a company. Novice users won't go through the trouble of examining the header of each potentially suspicious e-mail, which is putting them at risk even more. Experts have yet to decide the best way to advise users to protect themselves after this breach. However, a healthy dose of caution and skepticism can always help.

Follow Daniel Ionescu and Today @ PCWorld on Twitter


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia