After Customer Data Security Breach, Individuals and Companies Need To Beware Of Increased Possibility Of E-Mail Swindles and Brand Misuse

April 11, 2011

As reported in the New York Times, as well as other sources, the security of online mailing lists handled by Epsilon was recently breached, giving access to the names and e-mail addresses of millions of customers of companies, including JPMorgan Chase, Citibank and Target. While the information itself does not threaten the customers, its use may. Security experts cited by the Times warn that the release of this information puts the customers at increased risk of e-mail swindles and phishing attacks.

"Phishing" refers to the practice of sending e-mails to individuals and companies which appear to have originated from their banks and companies with which they do business, attempting to trick the recipients into providing personal and banking information which can be used to access their accounts or create new credit accounts. The e-mails often notify customers of changes in their status or the originator’s procedures, or make offers of free or reduced charges on goods or services.

The Times report quotes security experts as saying that while the number of people affected is unknown, because of the identities of the companies from which the information could have been taken, this breach could be among the largest ever. Other companies which have alerted customers of potential threat to their information include: Barclays Bank, U.S. Bancorp, Walt Disney, Marriott, Ritz-Carlton, Best Buy, L.L. Bean, Home Shopping Network, TiVo and the College Board. Passwords, account numbers, credit card information, and other confidential information was apparently not available to hackers.

Consumers and companies should be especially vigilant, since hackers engaged in phishing will include brand names and logos in e-mails which appear legitimate. Individuals should refrain from providing information in response to e-mailed requests or contacts. Companies should be alert for the use of their names and brands on phishing e-mails and consider actions to prevent data loss and inform consumers.