Epsilon hack: 50 companies hit by data breach

Spear phishing is the process of targeting phishing emails at specific groups of internet users, such as customers of a major bank, or even workers at a single organisation.

As reported previously, marketing company Epsilon revealed late on Friday that its opt-in marketing email database - which it operates for a number of mainly US firms - had been breached.

Since then it appears that around 50 firms - many leading brand names - are affected by the data breach.

Security researcher Brian Krebs says security experts are warning internet users to be especially alert for targeted email scams in the coming weeks and months.

"Among Epsilon's clients affected are three of the top ten US banks: JP Morgan Chase, Citibank and US Bank, as well as Barclays Bank and Capital One. More than two dozen other brands have alerted customers to data lost in the Epsilon breach", he said in his latest security blog.

Venafi, the enterprise key and certificate management specialist, is warning businesses of the potential for brand and reputation damage amongst customers.

Jeff Hudson, the firm's CEO, says that clients of Epsilon must notify those internet users whose details have been compromised. As a result, he argues, those users will likely be less well disposed to the companies concerned.

The reputational impact on, and damage to, their brand could be significant, and recovering from such public breaches is difficult, he warns.

"Let's put that simply: if your favourite supermarket chain admitted that your opt-in details had been lost, you probably wouldn't feel good about it. You might even switch your loyalty for the goods or services concerned to another brand", he said.

Over at data forensics specialist Guidance Software, Frank Coggrave, the firm's EMEA general manager, said that the Epsilon attack is just one in a series of recent high profile data breaches.

These, he said, once again highlight the issue that no one is safe from these increasingly sophisticated and more targeted attacks.

"Since attacks consistently break through even the toughest of security systems, organisations need to focus on deploying incident response plans to mitigate the effects", he said.

"This effectively enables organisations to find out where the attacks have come from and determine the full extent of the attack, in turn improving checks and processes to ensure the threat is not re-introduced", he added.
