Newsflash: Epsilon email data breach – millions of email addresses stolen

Email service provider Epsilon has been hit by a hacking attempt which affected many top level companies including Citi, Disney Destinations, Best Buy and Target. The press release posted on Epsilon’s website last Friday states that just 2 percent of total clients was hit, and only email addresses and/or customer names were obtained. As Epsilon has more than 2500 clients and sends out more than 40 billion emails a year, even 2 percent amounts to 50 companies being hit.

The full list of companies hit so far:

AbeBooks
AIR MILES Reward Program (Canada)
Ameriprise
Barclays Bank of Delaware ( Barclay’s L.L. Bean Visa card)
Beachbody
bebe
Best Buy
Best Buy Canada Reward Zone
Benefit Cosmetics
Brookstone
Capital One
Citi
City Market
College Board
Dillons
Disney Destinations
Eileen Fisher
Ethan Allen
Food 4 Less
Fred Meyer
Fry’s
Hilton Honors
Home Shopping Network (HSN)
Jay C
JPMorgan Chase
King Soopers
Kroger
Lacoste (via TG Daily)
Marriott Rewards
McKinsey Quarterly
New York & Company
QFC
Ralphs
Red Roof Inn
Ritz-Carlton Rewards
Robert Half International
Smith Brands
Target (via KrebsonSecurity.com)
TD Ameritrade
TiVo
US Bank
Visa (Barclays Bank of Delaware/L.L. Bean Visa, BJ’s Visa
Walgreens

Oddly enough Benefit Cosmetics is a former client, according to databreaches.net: they raise the question as to why the Benefit Cosmetics data was still on the Epsilon servers at the time of the data breach.

Some email marketers response to the event:

More resources, responses and info on the Epsilon data breach can be found here:

Securityweek: Massive Breach at Epsilon Compromises Customer Lists of Major Brands
Mashable: Epsilon hacked
Spamtacular: It’s the Fukashima of email marketing! Or, not.
Joeism Blog (Joe Colopy of Bronto): Email service providers are the new banks
Best Buy: Statement: Best Buy E-mail Vendor Epsilon Reports That Some Best Buy Customer E-mail Addresses Were Accessed

Update 9:45 CET

I have received a notification email from Target mentioning the attack. The email:

Comments are closed.