Epsilon Data Management, one of the largest ESPs in the field,
reported on Friday that a 'subset' of their customer data had been exposed to an unauthorized third party. As of now, Epsilon is being very tight-lipped about which of their customers may have been affected, but
industry media, based on reports from people receiving warnings from various companies about the breach, are listing almost two dozen major brands as having been involved, including:
- financial institutions (Citi, US Bank, JPMorgan Chase, Capital One, Ameriprise Financial)
- major retailers (Best Buy, Walgreens, Brookstone, Home Shopping Network, Kroger)
- consulting companies (Robert Half, McKinsey & Company)
- customer rewards programs (Disney Destinations, Marriott Rewards)
The extent of this data breach is still being discovered. Until Epsilon comes forth with details, the community will not be certain that they know all of the affected brands.
End users will need to pay much closer attention to email they receive claiming to be from brands they trust. Any email claiming to be from a brand that's been affected by this data breach (whether it's known they're affected or not) could be fraudulent, and links in those mails could point to fake login sites designed to steal end users' credentials. As always, users should be certain their anti-virus and anti-malware software is up to date; they should also make sure they're using the latest version of their preferred web browser, as most browsers now offer some form of built-in protection from fraudulent websites.
[Edit: 16:41 PDT, 4 April 2011 - Target, Inc, has now sent notification to its customers that it was also affected by the data breach]