Here is another example of how 1 small problem can affect many customers.
Late last week, Epsilon detected that customer information of a subset of Epsilon’s email clients had been exposed by an unauthorized entry into its email system. The affected clients represent approximately 2% of Epsilon’s total client base.
The data stolen from Epsilon — names and email addresses — isn’t considered as sensitive as social-security and credit-card numbers. But security experts warn that a cybercriminal could still use the information to commit fraud, especially if they know which email addresses are associated with customers of particular businesses.
The Secret Service is investigating this breach and people who receive spam should report it to phishing-report@us.cert.gov.
The Epsilon computer system was accessed by an unauthorized party. College Board customer first and last names and email addresses may have been obtained. The College Board sent out a warning about opening links and attachments from unknown senders and spam.
UPDATE (4/3/2011): In addition to The College Board, about 50 businesses who were clients of Epsilon at some point have also been affected. Customer names and email addresses from the following businesses were exposed:
Companies that use Epsilon include;
1-800-Flowers
AbeBooks
AIR MILES Reward Program (Canada)
Ameriprise
Barclays Bank of Delaware (Barclay’s L.L. Bean Visa card)
Beachbody
bebe
Best Buy
Best Buy Canada Reward Zone
Benefits Cosmetics
Brookstone
Capital One
Citi
City market
College Board
Dillons
Disney Destinations (The Walt Disney Travel Company)
Eddie Bauer Friends
Eileen Fisher
Ethan Allen
Food 4 Less
Fred Meyer
Fry’s
Hilton Honors
Home Shopping Network (HSN)
Jay C
JPMorgan Chase
King Soopers
Kroger
Lacoste
Marriott Rewards
McKinsey Quarterly
MoneyGram
New York & Company
QFC
Ralphs
Red Roof Inn
Ritz-Carlton Rewards
Robert Half International
Smith Brands
Target
TD Ameritrade
TiVo
US Bank
Visa (Barclays Bank of Delaware/L.L. Bean Visa, BJ’s Visa)
Walgreens
As of 4/4/2011, Epsilon estimates that the breach affected about 2% of its clients.