Last week, hackers broke into a little-known company and stole thousands of e-mail addresses and names -- all customers of 55 companies ranging from retailers Best Buy and Target, to utilities, investment companies and banks.
The company, Epsilon Data Management, is a well-known contractor that creates and manages e-mail marketing campaigns for 2,500 customers and sends 40 billion e-mails a year hoping to get users to click on its clients' links, according to the the Wall Street Journal. The company declined to comment on how many real people were affected by the security breach, saying only that 2 percent of its clients were affected. It also stated that only names and e-mail addresses were taken, not financial information.
But therein lies the rub -- because nowadays a name and an e-mail address can be financial information. Hasn't anyone at Epsilon used PayPal? Or realize that someone with that information could easily hack into your Facebook account, post as you and get you fired from your job, alienated from friends and maybe even arrested?
Over the weekend, many of those affected were sent e-mails. From the e-mail sent from my own bank:
Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
There's a chance that those affected by the breach could be tapped for phishing, or sent e-mail to gather more sensitive information, but users can protect themselves by not opening e-mail from unknown senders. That also means not clicking on links in e-mails sent from unknown sources.
According to B.K. DeLong, director of market insights at security consultancy IANS, users should also change their passwords and get new e-mail addresses to make sure they and their infomation stay safe.
That sounds a bit extreme, but sometimes it's better to be safe than sorry.