Epsilon is a company you don't hear a lot about… unless they make a critical security issue that compromises your own data. Latest companies that lost your data are Best Buy and Chase.
On April 1st, 2011 - a day that is usually know for April Fools pranks, Epsilon issued a press release stating that the company e-mail system was breached. Given that Epilson handles e-mail mailing lists for numerous clients, including the heavyweights with millions of e-mail addresses.According to the official press release, on March 30th, 2011:
"An incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk"
During the weekend, multiple companies investigated on the matter and today, they've begun with sending e-mails to all of their clients who might be in risk, if a phishing e-mail comes bearing official credentials. As always, being cautious is a paramount in a situation such as this one.
The interesting bit is that now, we know who these companies rely on targeted e-mail campaign, loyality programs and many more. Who knows, perhaps they'll invest in their own security instead of outsource everything they can and deal with trouble when trouble appears. For instance, this is the letter Chase sent to its clients:
Chase Warning e-mail: Epsilon lost your data, we're truly sorry - Letter by Patricia O.Baker, Senior VP
At the end of the day, Chase and Best Buy obviously failed to protect their users by outsourcing not just the service, but sending the data outside the corporate headquarters / outlets, joining the list of HMOs who got their data stolen.