Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Tuesday, April 05, 2011

Epsilon lets its customers fix their security failure

Last week a serious failure in storing names and Email occurred due to a security flaw at a company named Epsilon. This may be the largest failure in protecting names and Email in my lifetime. Epsilon is trying to downplay this failure by claiming it only lost 2% of its database.

[Image: epsilon]

Even though you’ve never heard of Epsilon, by now many of you have received letters from companies who use Epsilon to handle their mass Emailing. What we know to be compromised so far is only your name and Email, but hackers will also know which companies you do business with.

So you should expect the following.

1) More Spam
2) More Phishing:
You should expect to see targeted Emails from companies affected by this failure. The Email will appear to come from your bank and they’ll know your name. As I often recommend, DO NOT CLICK on links found in an Email.  Go directly to the company web site and see if there is a problem.

Security researcher Brian Krebs has a partial list of companies affected which he has been updating daily.  Click here and scroll down.

So far, Epsilon has been quiet except for the small note above.  They’re letting their customers handle the brunt of this public relations nightmare.

So far I’ve received two Emails but I expect more.

[Image: barclays]

[Image: hiton]

So far I have not heard from TiVo, QFC or Marriott Rewards, who have my Email and are all listed as affected clients.

14 Comments:

Anonymous Anonymous said...

Thanks, Bill--
So far I've heard from Chase & TIAA-CREF.
Ain't this a helluva note??

5:12 PM  
Blogger michael said...

I've heard from Crucial and Marks & Spencers (UK).

The Crucial one looked odd and that made me wary of the M&S one so I deleted them without displaying images thinking that it was a scam to get us to click an enquiry link.

Mike
Cambridge
England

3:17 AM  
Anonymous Anonymous said...

I've got five.....now I'm wondering about the three companies that haven't sent me a note. And about the fact that my name will have shown up on so many lists, that I am sure to get spam.

9:15 AM  
Blogger Walt said...

Yeh Bill,

My junk has quintupled; my e-mail is databased with 4 of those companies.

Also, my Avast is picking up a couple of new, weird, Trojan Horses and the combo of Super Antispyware with Malware Bites are catching some oddball tracking cookies.

Your WinPatrol identifies some cookies, especially 4 "burstnet" entries, but I have to use Super to kill them.

I'm running combo scans every other day and getting garbage on each sweep.

11:19 AM  
Blogger Anne said...

I just wrote to epsilon directly through the link in your article. Since it was their screw up I would like to know what they are doing about it and where/to whom I should be directing the phishing emails I'm going to eventually receive.

11:46 AM  
Blogger All American said...

Strangely enough, about half of those I do business with have been silent. Nice work, merchants in keeping my data secure and in notification. This is my second breach in a month. HealthNet lost several server drives and lost all the data for millions, including medical and Social Security numbers, etc. Isn't data security just wonderful.

12:29 PM  
Anonymous Anonymous said...

I've heard from Citibank and Bank of America nothing from bush yet!

12:48 PM  
Blogger Kahlan Nightwing said...

Thanks for the info, Bill. I got an email from Chase and was wondering what it was about.

I wonder how many of those customers Epsilon will lose now.

1:55 PM  
Anonymous Anonymous said...

Let's see; in the past 3 years I have had my personal information released:

1) By the hospital I work for, because security let a complete stranger with no I.D. (who said he was there to do emergency server service) into our in-house server center!

2) By my bank being hacked! This was a lot of fun. All my accounts were frozen for 2 weeks, all credit cards (for this bank) were closed, and all my auto deposit payroll checks were being directed into a protected account I could not access! They allowed no auto payments to be made for these 2 weeks. They were nice enough to say they would not charge late fees for any account they were responsible for.

3) By one of my doctors, who, when shutting down his practice, thought it would be fine to just put all his patients' files in his building's dumpster, along with all their old computers (without removing or formatting their hard drives). 7 out of 9 computers could not be accounted for. H.I.P.A. had a field day with him!

4) And just last week I got a letter from a college which stated that all the personal information they had about past employees (I was just a hired tutor!) was hacked.

So far I have 3 identity safe type security companies protecting my identity (all at no cost to me). The college breach letter says they will also be hiring an identity safe company to cover me. I figure next week I'll get letters from all four companies stating their data base has been hacked too.

Gotta love technology; and my F'in luck!

4:10 PM  
Blogger rskajiara said...

I can bet Epsilon will lose some serious business because of this breach.

4:16 PM  
Anonymous Anonymous said...

In addition to three of the companies on the list (from one of which I had opted out long ago), I've received one of these messages from LaCoste International. I don't recall ever having any dealings with them - I don't even know who they are!

10:33 AM  
Anonymous Andy said...

I've had a problem sending and receiving email from Verizon. Would this have something to do with it? I double checked everything with my ISP and called Verizon twice. Verizon was not only no help but just plain ignorant.

1:24 PM  
Anonymous Anonymous said...

I received the message from my bank. Typically banks will never mention actual dollar losses for fear of confidence erosion followed by bank run ons. Since this is policy, how are we to believe only e-mail addresses were involved?

4:18 AM  
Anonymous Anonymous said...

Add GlaxoSmithKline to the above list!

2:36 AM  
