A vendor that services countless big-name banks and retailers with web email announced over the weekend its database had been breached.
The hack affected a number of the biggest banks in the country as well as a number of huge retailers. This included Best Buy, Capital One, Barclays, Citibank, JPMorgan Chase, US Bank, Kroger, New York Times Co, Brookstone, TiVo and Walgreens. There were many more, Epsilon has in the neighborhood of 2,600 big-name clients.
All of the affected companies put out a similar release saying Epsilon, a provider of internal cloud email services, notified them about the data breach. Essentially, an unauthorized person outside their company accessed files that included e-mail addresses of customers for those companies.
We are advised by Epsilon that the files that were accessed did not include any customer financial information, but are actively investigating to confirm this. As always, we are advising our customers of everything we know as we know it, Chase said in a statement.
According to Epsilon, this was the case for all of the companies. Only names and emails were accessed part of the breach, not essential information.
The banks advised their customers to ignore emails asking for confidential account or log-in information. They also said familiar looking links in an email can redirect to a fraudulent site.
Security firm Sophos said the breach isn't the end of the world for those affected. However, Paul Ducklin, head of Sophos' security in Asia Pacific, said this kind of breach can lead to a worse outcome.
Losing your email address to scammers and spammers is likely to mean a surge in spam to your account, Ducklin said. Also, losing your email address via a service to which you already belong makes it much easier for scammers to hit you with emails which match your existing interests, at least loosely. That, in turn, can make their fraudulent correspondence seem more believable.