Epsilon, the world’s largest distributor of permission-based email, disclosed that email addresses provided by its clients were exposed in an attack on the company’s email system. The company disclosed that only email addresses were compromised. The compromise could lead to phishing attacks launched against the clients’ customers.
Epsilon has over 2500 clients worldwide for whom it sends over 40 billion emails annually. The number of email addresses compromised is not known at this time. Additionally, the company has not released a list of clients who were impacted; however, various online news reports indicated that some affected clients are in the financial services industry and include JP Morgan Chase, Citigroup, and Capital One. These institutions have alerted their clients of the breach and to be cautious of phishing emails. Other organizations impacted include major retailers such as Best Buy, Walgreens and Kroger.
Although Epsilon stated that no personal identifiable information was at risk, the customers of Epsilon clients who were impacted could be at risk for phishing attacks. In a phishing scam, fraudsters send fraudulent emails targeting a specific organization. In the Epsilon breach, the fraudsters could easily craft their email messages to make it appear as though they are sent by the recipient’s financial institution or trusted retailer. The fraudsters will attempt to collect personal and/or financial information by sending attachments infected with software for stealing passwords, or by including a link in the email to a with a request to provide personal and/or financial information.
Champion Credit Union will never ask for personal or financial information via email. Please be cautious and aware and do not provide this information to anyone, even if the email or site appears legitimate, via email.