SAN FRANCISCO (CNET / CNN / AP) — With the theft of millions of e-mail addresses from the world’s largest “permissions-based” e-mail marketing company, Epsilon, several large firms have started warning customers to expect fraudulent e-mails that try to coax account information from them.

Epsilon, which has offices in San Francisco, said that someone hacked into its computer system and stole an unknown number of e-mail addresses and names last week.

The scope of the breach was potentially huge, with financial-service companies such as Capital One Financial Corp., Barclays Bank, U.S. Bancorp, Citigroup Inc. and JPMorgan Chase & Co. and retailers including Best Buy Co., TiVo Inc. and Walgreen Co. coming forward Monday to say that their customers had been affected.

Epsilon said it sends 40 billion e-mails per year on behalf of its 2,500 clients, and Reuters called this potentially “one of the biggest such breaches in U.S. history.”

Epsilon released a statement over the weekend indicating that on March 30 it detected an “unauthorized entry” into its system that exposed customer names and e-mail addresses. The company said “no other personal identifiable information associated with those names was at risk.”

Both Chase and Capital One posted notices about the breach on their Web sites, and both also said financial data, and any other data apart from names and e-mail addresses, did not appear to be at risk.

While there’s little fear that identities could be stolen because of the huge leak of e-mail information alone, security experts did worry about a malicious form of spam called “targeted phishing” or “spear phishing.” These terms refer to fake e-mails that try to look real because the scammer knows something about you.

“This data breach is going to facilitate that in a big way. Now they know which institution people bank with, they know their name and they have their email address,” said David Jevans, chairman and founder of the non-profit Anti-Phishing Working Group.

Experts said a scammer could design a fake e-mail, purporting to be from one of the companies whose customer data was stolen, that might ask you for sensitive information, like a Social Security number or bank account number. If you divulged that kind of personal data, you could become a victim of identity theft.

Both Chase and Capital One cautioned in the statements on their sites that they would never ask customers to e-mail personal information such as credit card numbers or Social Security numbers.

(Copyright 2011 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. Wire services may have contributed to this report.)

Comments (2)
  1. fracked says:

    LMAO damn spamming company broken into ….cry me a river lol

  2. JD, Dallas, TX says:

    Epsilon: Extremely high-pressure work environment. Hires folks on H1B visas, not for their smarts, but because they are cheap and usually won’t complain. Keeps costs very low – too few people expected to do the work of too many people. Essentially, there is no way things cannot go wrong at this company. If you think this is the first, and last time this will happen at Epsilon, you are not being realistic. If you are well connected, and know someone that works at this company, especially in the IT department, you can verify these facts pretty easily.

    Now you know, and you may have even heard of other companies behaving like this, but what can you do? Absolutely nothing.
