Why Your Organization Faces Risk from the Epsilon Email Breach (Even if They Are Not Your Vendor)


If you have an email account, you have by now received one or more emails from companies notifying you that their email communication provider, Epsilon, suffered a security breach that resulted in unauthorized parties accessing your name and email address. Since Epsilon purports to send 40 billion emails annually and boasts over 2,500 corporate clients, including 7 of the Fortune 10, the impact has been widespread. The companies affected include Best Buy, Capital One, Citi, Dell, Disney, Hilton, Home Shopping Network, JPMorgan Chase, Kroger, Marriott, Ritz-Carlton, Target, TiVo, Verizon and Walgreens. (For a fuller list click here.) So many people have received multiple notifications about this single incident that “Epsilon Bingo” cards have sprung up on the Internet (if you collect notifications from each company on the card, you win the game). Although much larger in scope, this breach is similar in nature to those suffered by other email providers in the past six months (click here and here), implying a pattern of attacks by fraudsters.

So why should your business care about this event? The most immediate reason is that it may pose a direct security threat to your organization. It has been widely assumed that the email addresses stolen from Epsilon were taken to perpetrate phishing attacks, send spam, or infect recipient systems with malware. (Phishing attempts have been reported by affected individuals, but it is somewhat common for fraudsters to wait until the news cycle has cooled before they start exploiting the information.) It is very likely that your employees provided their corporate email addresses to one or more of the affected companies, for example to the hotel chains when booking corporate travel. If they did, your corporate email system may receive these harmful incoming emails. To protect your corporate email and information systems, you may want to ensure that your information security personnel are aware of this incident and have appropriate spam filters and malware detection software in place. You may also want to remind your employees of the following security precautions...


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Poyner Spruill LLP | Attorney Advertising
