Epsilon Email Security Snafu

If you weren’t familiar with Epsilon before, you’ve likely heard of the Dallas-based marketing firm by now.

On April 1st, a day that companies are known for pranks,  they released this statement:

“On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”

There’s a good chance that you’ve gotten several emails from some well known companies that you have a relationship with. Does Target,  USBank, Walgreen’s, Best Buy, Tivo, Chase or Capital One ring a bell? However, according to Epsilon, only 2% of its clients were affected by this security breach.

So, what exactly does this mean? How much can really be done with a name and an email address?

The underlying fear that people have about these email addresses being stolen is that the thieves may know which relationships you have with these companies and may perform some very targeted phishing tactics. If you have a bank account with USBank, thieves could potentially send you an email disguised as coming from USBank requesting account info.

What can you do to protect yourself?

I suggest you always go directly to the source if a company is trying to contact you about personal account information. Go to the respective company’s website directly from your browser. Additionally, don’t click on embedded links in emails as a company’s bogus email could potentially direct you to a bogus site disguised as an evil twin.

You may also want to either change or create a free webmail address that deals only with your banks or online purchases. And, if you have any question about an email being legitimate, it’s probably not.