Why Your Organization Faces Risk from the Epsilon Email Breach (Even if They Are Not Your Vendor)


If you have an email account, you have by now received one or more emails from companies notifying you that their email communication provider, Epsilon, suffered a security breach that resulted in unauthorized parties accessing your name and email address. Since Epsilon purports to send 40 billion emails annually, and boasts over 2,500 corporate clients including 7 of the Fortune 10, the impact has been widespread. The companies affected include Best Buy, Capital One, Citi, Dell, Disney, Hilton, Home Shopping Network, JPMorgan Chase, Kroger, Marriott, Ritz-Carlton, Target, TiVo, Verizon and Walgreens. (For a fuller list click here). So many people have received multiple notifications about this single incident that “Epsilon Bingo” cards have sprung up on the Internet (if you collect notifications from each company on the card, you win the game). Although much larger in scope, this breach is similar in nature to those suffered by other email providers in the past six months (click here and here), implying a pattern of attacks by fraudsters.

So why should your business care about this event? The most imminent reason is that it may pose a direct security threat to your organization. It has been widely assumed that the emails stolen from Epsilon were taken to perpetrate phishing attacks, send spam, or infect recipient systems with malware. (Phishing attempts have been reported by affected individuals, but it is somewhat common for fraudsters to wait until the news cycle has cooled before they start exploiting the information.) It is very likely that your employees provided their corporate email addresses to one or more of the companies affected, such as to the hotel chains for purposes of booking corporate travel. If they did, your corporate email system may be the recipient of these incoming, harmful emails. In that case, to protect your corporate email and information systems, you may want to ensure that your information security personnel are aware of this incident and have appropriate spam filters and malware detection software in place. You may also want to remind your employees of the following security precautions...
