An attack on internet marketing company Epsilon has netted millions of customer email addresses from some of the biggest names in the corporate world.
Epsilon has confirmed that the databases it keeps on corporate customers for email promotions were hacked and a large number of user names and email addresses were stolen, including those from JP Morgan, Honda, McDonald's, Walgreens, Best Buy, Disney, TripAdvisor and Marriott, to name a few.
No financial information was taken, the company said, and many of those affected have already alerted customers to the attack, warning them to be on their guard.
“We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information,” Chase Bank told customers in an email. “Based on everything we know, your accounts and confidential information remain secure.”
Nevertheless, security experts are warning this may be a long-term problem. The email mailing list will be valuable to sell on to phishers and malware distributors, who may use it for targeted attacks, but experienced operators in this sector may take a long-term approach.
There’s a lot of high-profile news about this incident right now, so the bad guys might not try any attacks immediately. Instead, they may decide to wait six months or a year before using the email addresses, when all the fuss has died down and people aren’t being as careful as they are now.
The Epsilon attack should inspire those companies who use third-party agencies like Epsilon to “put their suppliers through the wringer” over security, to protect their client databases. Sophos, a developer of security software and hardware, has already heard from customers who were cancelling their accounts with those companies hit because of fears about online crime.
Epsilon declined to give any more details about the attack until internal and external investigations are complete. “At this point in time we are conducting a full investigation and cooperating with the authorities; that’s all we’re able to say at this time,” said an Epsilon spokesperson.
What Can You Do?
Consumers can take a number of actions to safeguard their personal information in the wake of the Epsilon hack attack.
Most likely this information will be used for phishing attacks. If attackers know which email list you subscribe to, they are more likely to be able to write a convincing email to deceive you.
First and foremost, when receiving an unsolicited email, do not immediately click on the link or open the attachment contained in the email. The link can take you to a nefarious website, which can infect your computer. Or the attachment may download software that will track your computer keystrokes — including the passwords you type.
Here are some basic steps to follow when receiving an unsolicited email:
- Open a new browser and visit the website that supposedly sent the email; check to see if it’s promoting the same offer that has been sent to you unsolicited;
- Mouse over the link contained in the email and look at the lower left corner of the screen to see if the domain name matches the company that is purportedly sending the email;
- If you must click on the link, check that the page it opens still shows the same domain name. If it doesn’t, and it asks you for financial information like a bank account number or social security number, do not provide the information. If the opened link has a different domain name but is not requesting financial information, the identity thief may have opted to infect your computer with a virus instead.
- The best advice of all is to avoid clicking on links or opening attachments placed in unsolicited emails.
- And, finally, always keep your anti-virus and security software updated.