Third-party firms that handle e-mail marketing for big companies and corporations have lately become a very desirable target for attackers, and the onslaught continues.
The recent Play.com breach has been tied to the attack that its marketing communications firm Silverpop – a company that services over 105 customers, among whom are Walgreens and McDonalds – suffered last December.
But the latest breach will likely have the biggest impact, because marketing services provider Epsilon – the largest one in the world – has notified its customers of a breach that likely compromised all of their mailing lists.
Among Epsilon’s customers are US Bank, JPMorgan Chase, TiVo, Capital One, the Home Shopping Network, LL Bean Visa Card, Ritz-Carlton Rewards, Best Buy, Disney Destinations, Walgreens, and many more.
Epsilon has posted a short notification on their site saying: “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”
But, SecurityWeek says that apart from customer names and email addresses, other pieces of information have been compromised in a few cases.
The affected Epsilon customers have been warning their own users about the breach and reminding them to be careful of phishing emails misusing the collected information. Some sent emails, and others used their Twitter accounts to get the message across. Financial organizations like JPMorgan Chase, Capital One, Citi and others have especially made sure to warn their users as soon as possible.
Phishing campaigns using the stolen data have not yet been spotted.