Marketing firm Epsilon, a third-party vendor that manages customer e-mail databases for more than 2,500 clients, said an unauthorized entry into its email system took place last week, reportedly compromising millions of clients’ customer names and e-mail addresses.
“On March 30, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s e-mail system,” the company, a subsidiary of Dallas-based Alliance Data Systems Corp., said in an April 1 press release.
According to several sources including www.krebsonsecurity.com and a press release issued by consumer identity theft security and restoration firm iSekurity, the affected Epsilon clients include American Express, Ameriprise Financial, Barclays Bank of Delaware, Capital One, Citibank, JP Morgan Chase and U.S. Bank.
Epsilon said the stolen data is limited to customer names and e-mail addresses only. “A rigorous assessment determined that no other personal identifiable information associated with those names was at risk,” Epsilon said. “A full investigation is currently under way.”
The Pennsylvania Department of Banking this week warned consumers to look out for e-mail phishing scams following the Epsilon incident and a recent attack against security giant RSA.
“Scammers could use e-mail addresses and other information recently stolen from Epsilon and RSA Security to try to trick consumers into providing personal information, including bank account or credit card information,” a Pennsylvania Department of Banking press release said. “Perpetrators of phishing scams can max-out a victim’s credit cards, empty their bank accounts or take out loans in their name. An identity thief can also establish new accounts with banks, credit card companies, utilities and other businesses.”