Email compromised at Epsilon

Millions of addresses spilled

34 Reg comments Got Tips?

Permission email marketing outsourcer Epsilon has announced a data breach which may affect millions of individuals.

In a single-paragraph statement, the company said the breach affects “a subset” of its customer data, but does not disclose the extent of the breach. The unauthorised entry into its email system gained access “only” to customer names and email addresses, the company’s announcement says.

(Aside: while reading the brief announcement on Epsilon's site, The Register was presented with an “invalid security certificate” warning, shown below.)

As Epsilon claims to deliver more than 40 billion emails each year, “a subset” of its clients’ databases could be very large indeed.

Over the weekend, affected Epsilon customers named by various sources (such as MSNBC) included US supermarket chain Kroger, JP Morgan, Capital One, TiVo, Walgreens, Marriott Rewards and Citibank.

According to the MSNBC report, at least one of the Epsilon customers whose data was breached, Marriott Rewards, warned of more than just customer name and email being exposed. It advised customers that the information accessed included member point balances.

Most of the companies breached have warned customers to be on the alert for phishing attempts.

Other reports can be found in Security Week, the Wall Street Journal, and Bloomberg. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Keep Reading

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching

Lack of protections around trace facility gives local users read and write access

Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'

Great – and who will be the first responders?

Irony, thy name is SANS: 28k records nicked from infosec training org after staffer's email account phished

Updated Names, email addresses, phone numbers, job titles, company names, country of residence etc. pinched

US voting hardware maker's shock discovery: Security improves when you actually work with the community

Black Hat ES&S takes the bold step of not ignoring vulnerability reports

Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns

OpenSSF to take projects from CII and OSSC under its umbrella

Something a bit phishy in your inbox? You can now email suspected frauds straight to Blighty's web takedown cops

National Cyber Security Centre publishes scam-busting address

ConnectWise issues a slightly scary but unusually significant security advisory

Because IT service providers use ConnectWise to run your IT and this is its first-ever bug report

Admins beware! Microsoft gives heads-up for 'disruptive' changes to authentication in Office 365 email service

Basic authentication will be OFF for Exchange Online email and other services from October 2020

Biting the hand that feeds IT © 1998–2020