Data Breach Incident at Epsilon Results in Disclosure of Customer Names and E-mail Addresses

April 5, 2011 - PRLog -- Recently, Epsilon, a leading marketing services firm notified clients of a possible data breach incident. The alert was issued after information security professionals identified unauthorized entry into Epsilon's e-mail system. Security professionals are investigating the incident. According to preliminary investigations, the unauthorized entry resulted in the disclosure of customer names and e-mail addresses. The firm has not divulged the number of customers affected, but has stated that the breach has affected around 2% of the company's clients. The company has over 2,500 clients and sends around forty billion e-mails to end-customers annually on behalf of the clients. Subsequent to the notification, several clients of Epsilon including McKinsey Quarterly, Kroger, JP Morgan Chase, Barclaycard U.S, Citigroup, Capital One, New York & Company, Walgreen and TiVo Inc. among several others alerted customers on disclosure of names and e-mail addresses. The companies have stated that no other personally identifiable and financial information has been disclosed. However, the clients are also conducting their own enquiries to confirm that no other personal and financial information was compromised.

Data infringement incidents may have adverse implications for the affected customers. The extracted information could be used to send spam e-mails. The gathered information could also be used to send phishing and spear phishing e-mails to entice customers to divulge more important information such as credit card details, social security numbers and mailing addresses. The e-mails are cleverly crafted and appear to come from a legitimate source. Last month, customers of Play.com complained of spam and phishing e-mails. The e-mails of the targeted customers were allegedly extracted from SilverPop, another third-party e-mail marketing service provider during a cyber-attack at the end of last year. Marketing companies are vulnerable to cyber-threats as they have databases containing names and e-mail addresses of large number of customers. Information security, integrity and confidentiality are crucial for continued and unhindered growth of business operations. Employees must be updated on the latest Internet threats and preventive mechanisms through refresher and online university degree courses, training sessions and e-learning programs.

Regular security assessment of computer systems and networks is crucial to detect and patch security flaws. Professionals qualified in computer science degree, penetration testing and security certifications may help in timely identification and mitigation of weaknesses in the information security infrastructure. Organizations suffering data breach incidents may have adverse business and legal implications. Clients utilizing the services of the targeted company may not extend, shorten or terminate their contracts, as they may lose customer trust and confidence.

Blogs, e-tutorials and online degree programs may be used to keep Internet users updated on latest security threats and implement safe computing measures. Affected individuals and Internet users must resist from replying to unsolicited e-mails, avoid clicking on links provided in e-mails from unknown sources and ignore e-mail attachments from unknown third parties.  

Contact Press

EC-Council
Website:   http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).