April 4, 2011

Data Security Breach Threatens Epsilon Customers

A computer hacker penetrated the servers of online marketer Epsilon over the weekend exposing customers from several U.S. companies to a massive and growing data breach.

This could be one of the largest breaches in U.S. history, with a very diverse group of companies that do business with Epsilon.

Epsilon is an online marketing division of Alliance Data Systems Corp. that sends over 40 billion email ads and offers annually to people who are registered on a company's website or who voluntarily give their email addresses while shopping.

In an online statement, Epsilon says, "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."

Some of the growing list of companies exposed to the breach include, but are not limited to, Citigroup, Drugstore, Walgreen, Verizon Communications Inc., Blackstone Group LP's Hilton Hotels, Kraft Foods Inc., AstraZeneca,  Video recorder TiVo Inc., Capital One Financial Corp., teleshopping company HSN, College Board students, Best Buys, JPMorgan Chase & Co. and Kroger Co.

An email sent to HSN customers says, "We learned from our email provider, Epsilon, that limited information about you was accessed by an unauthorized individual or individuals."

It went on to say, "This information included your name and email address and did not include any financial or other sensitive information. We felt it was important to notify you of this incident as soon as possible."

Bank customers from Citigroup had their names and some credit card customers' email addresses were obtained, but no account information was breached.

Students who took the SAT tests were warned in an email about the breach and asked to be cautious about receiving "links or attachments from unknown third parties," reports Reuters.

According to the College Board website, there are 7 million students associated with this non-profit organization.

Three years ago, in one of the biggest U.S. identity theft cases in U.S. history, Heartland Payment Systems was penetrated by Albert Gonzalez and his cohorts. Over 40 million payment card numbers were stolen from the credit and debit card processor. Gonzalez was sentenced to 20 years in prison, Reuter reports.

An investigation is underway and Epsilon is looking into what went wrong. It is still unclear how many customers and students have been exposed.

"While we are cooperating with authorities and doing a thorough investigation, we cannot say anything else," says Epsilon spokesperson Jessica Simon.

She says, "We can't confirm any impacted or non-impacted clients, or provide a list (of companies) at this point in time."


On the Net: