Late last week, on March 31, 2011, the marketing firm Epsilon notified its customers that it had experienced a large-scale data breach affecting consumer information. According to Epsilon, the data breach was “limited to email addresses and/or customer names only,” and “no other personal identifiable information associated with those names was at risk.” The breach affects email addresses provided by a wide-array of clients, including many major financial institutions–such as JPMorgan Chase, Capital One, and Citibank–and numerous retailers–such as Target, Walgreens, Brookstone, and the Home Shopping Network. Epsilon sends more than 40 billion permission-based emails a year and manages consumer databases from 2,500 clients.
Security experts have expressed worries that, while the information harvested from Epsilon may seem like a minor threat, hackers can use email addresses and other compromised information to disseminate targeted phishing campaigns designed to trick consumers into revealing more sensitive personal information. The U.S. Secret Service has begun investigating Epsilon’s data breach.