Potentially millions at risk as data-breach hits big business

Potentially millions of customer names an email addresses of retailers and financial institutions have been compromised as attackers breached a high-profile online marketer.

Citigroup, JP Morgan Chase, U.S. Bank, Barclays Bank, Best Buy, Hilton WorldWide, Marriott International, among others, were alerted that a data breach at Dallas-based Epsilon may have led to the loss of millions individual identities.

The company, which bills itself as the world's largest email marketing provider, says it sends over 40 billion emails annually on behalf of 2,500 clients.

Epsilon, a division of Alliance Data Systems Corp, disclosed the breach in stages beginning last Friday. The companies, in turn, have been sending e-mail warnings to their respective customers.

The leak is the latest in high-profile breaches as intruders become more sophisticated.

Comodo, which manages the digital certificates used to authenticate websites, last month disclosed that intruders stole the means to create faked websites that look and behave like the real ones.

And RSA, the security division of EMC, recently disclosed that intruders gained access to the technology behind RSA security tokens, small devices that issue one-time pass codes generally used for accessing sensitive corporate accounts.

According to an RSA blog, an attacker sent two different phishing emails over a two-day period to two small groups of employees that seemed harmless, with the subject line 2011 Recruitment Plan.

This was intriguing enough for one of the employees to actually pull the e-mail out of their junk box and double-click on the email attachment, according to the blog.

The financial toll of these breaches are still yet to be known.