Email service provider Epsilon has been hit by a hacking attempt which affected many top level companies including Citi, Disney Destinations, Best Buy and Target. The press release posted on Epsilon’s website last Friday states that just 2 percent of total clients was hit, and only email addresses and/or customer names were obtained. As Epsilon has more than 2500 clients and sends out more than 40 billion emails a year, even 2 percent amounts to 50 companies being hit.
The full list of companies hit so far:
AIR MILES Reward Program (Canada)
Barclays Bank of Delaware ( Barclay’s L.L. Bean Visa card)
Best Buy Canada Reward Zone
Food 4 Less
Home Shopping Network (HSN)
Lacoste (via TG Daily)
New York & Company
Red Roof Inn
Robert Half International
Target (via KrebsonSecurity.com)
Visa (Barclays Bank of Delaware/L.L. Bean Visa, BJ’s Visa
Oddly enough Benefit Cosmetics is a former client, according to databreaches.net: they raise the question as to why the Benefit Cosmetics data was still on the Epsilon servers at the time of the data breach.
Some email marketers response to the event:
More resources, responses and info on the Epsilon data breach can be found here:
Securityweek: Massive Breach at Epsilon Compromises Customer Lists of Major Brands
Mashable: Epsilon hacked
Spamtacular: It’s the Fukashima of email marketing! Or, not.
Joeism Blog (Joe Colopy of Bronto): Email service providers are the new banks
Best Buy: Statement: Best Buy E-mail Vendor Epsilon Reports That Some Best Buy Customer E-mail Addresses Were Accessed
Update 9:45 CET
I have received a notification email from Target mentioning the attack. The email: