Email compromised at Epsilon

Permission email marketing outsourcer Epsilon has announced a data breach which may affect millions of individuals.

In a single-paragraph statement, the company said the breach affects “a subset” of its customer data, but does not disclose the extent of the breach. The unauthorised entry into its email system gained access “only” to customer names and email addresses, the company’s announcement says.

(Aside: while reading the brief announcement on Epsilon's site, The Register was presented with an “invalid security certificate” warning, shown below.)

As Epsilon claims to deliver more than 40 billion emails each year, “a subset” of its clients’ databases could be very large indeed.

Over the weekend, affected Epsilon customers named by various sources (such as MSNBC) included US supermarket chain Kroger, JP Morgan, Capital One, TiVo, Walgreens, Marriott Rewards and Citibank.

According to the MSNBC report, at least one of the Epsilon customers whose data was breached, Marriott Rewards, warned of more than just customer name and email being exposed. It advised customers that the information accessed included member point balances.

Most of the companies breached have warned customers to be on the alert for phishing attempts.

Other reports can be found in Security Week, the Wall Street Journal, and Bloomberg. ®