Epsilon database hack exposes millions to phishing attacks
Epsilon, an online marketing company, had its database hacked last week. The Epsilon database hack exposed the names and email addresses of millions of customers at credit card companies and major retailers. Companies doing business with Epsilon started warning customers Monday to be on the alert for phishing emails trying to steal bank account numbers and other personal information.
Epsilon clients hit by database hack
The theft of millions of names and email addresses in the Epsilon database hack could possibly be the biggest data security breach in U.S. history. Epsilon, a Dallas-based company which sends more than 40 billion marketing emails a year for more than 2,500 clients, announced Friday that an intruder hacked into client’ customer files that are established when people register at a company’s website or give retailers their email address.
At least a dozen companies were affected. Customers at banks such as Capital One, Barclays Bank, U.S. Bancorp, Citigroup, J.P. Morgan Chase need to be on the lookout for phishing attacks. Consumers who have done business with retailers such as HSN, Best Buy, TiVo, Walgreens and Kroger have also been exposed. The hacker may have also stolen student email addresses from The College Board, an organization that oversees SATs in the U.S. for about 5,900 colleges and universities.
How to spot a phishing scam
It’s likely that the stolen names and email addresses in the Epsilon database hack will be used to target spam. This data security breach could make “phishing” attacks more effective because cyber-criminals can target actual account holders with a bank or retailer. The phishing email tries to trick them into logging in at a fraudulent site created to look like the real site, which captures the login information and gives hackers access to the account. Once hackers have a person’s name and email address, they may also find personal details on Facebook that can be used to make the email more convincing. Phishing scams often ask consumers to update credit card information or urgently warn that if a response isn’t received the account will be closed. Some phishing scams even claim that a response is required because the users account has been compromised.
The biggest data security breach in U.S. history
Although Epsilon said the database hack was limited to customer names and email addresses, the company hasn’t yet made clear how many consumers or students have been exposed. In addition to the Epsilon clients mentioned above, others include Verizon Communications, Hilton Hotels, Kraft Foods and AstraZeneca. Internet security analysts believe the Epsilon database hack may surpass the Heartland Payment Systems hack, currently recognized as the biggest identity-theft incident in U.S. history. Notorious cyber-criminal Albert Gonzalez was sentenced to 20 years in prison after being convicted of leading a ring of hackers that broke into Heartland Payment Systems and stole more than 40 million payment card numbers.