Three days after an electronic mail services supplier notified consumers that its techniques ended up compromised, affected corporations keep on to emerge.
A expanding checklist of organizations – which includes Capital A single, U.S. Lender, Citigroup, JPMorgan Chase and Barclays Financial institution of Delaware – currently are notifying customers that hackers have stolen their e-mail addresses.
All the firms use the Dallas-based electronic mail support supplier, Epsilon, which on Friday revealed that hackers gained unauthorized entry to its e mail system to steal its clients' customer data.
The breach also affects a number of well-known retailers and hospitality organizations, including Brookstone,
Office 2010 Professional, Disney, Fry's, L.L.Bean, Marriott Rewards, New York & Co., Ritz-Carlton Rewards, The College Board,
Buy Office 2010 Key,
Best Buy Holds Discounted Netbook, Delights Customer - The Consumerist, The Home Shopping Network, TiVo and Walgreens, according to reports and breach notification letters.
The stolen information consists of e-mail addresses and customer names, according to Epsilon's statement. No Social Security numbers or monetary information were compromised.
It is unclear how hackers successfully infiltrated Epsilon's network or how many e mail addresses have been involved.
Many of the impacted corporations began notifying customers over the weekend about the incident. Clients may receive an increase of spam as a result of the breach, according to several notification letters.
The data could also be used to perpetrate socially engineered attacks, Richard Mackey, vice president of consulting at SystemExperts, told SCMagazineUS.com on Monday. With the knowledge that a particular user did business with a certain company, an attacker would be able to craft real-looking phishing scams.
“Most effective phishing attacks are the ones that have legitimacy,
Cheap Windows 7 Enterprise,” Mackey said. “The more authentic and targeted they are, the more convincing they are.”
Users should be especially cautious when opening links or attachments from unknown third parties in light of the incident,
Windows 7 Starter Key, affected brands have warned their clients.
The breach also extends to a number of supermarkets, such as City Market, Dillons, Food 4 Less, Fred Meyer, Jay C, King Soopers, Kroger, QFC and Ralphs, according to reports.
Epsilon said it detected the breach on Wednesday. Epsilon is the world's largest "permission-based" e-mail marketing supplier and sends more than 40 billion emails each year, according to the company's website.
The incident mirrors a similar attack, disclosed in December,
Windows 7 Serial Key, against Atlanta-based e-mail marketing companies firm Silverpop Programs. That breach impacted a subset of Silverpop's clientele, like McDonald's and social media site DeviantART.
SystemExperts' Mackey said these breaches illustrate the importance of ensuring that third-party service providers that are trusted to maintain a company's information can do so securely.
Before handing over information to third parties, organizations must assess the risks associated with that data and ensure it will be adequately protected, he said. Organizations must then maintain an active relationship with support providers to ensure their protection mechanisms are in line with industry standards.
The organization also should be prepared to react in case of a breach, Mackey added.
Many security rules and regulations require organizations to ensure that their third-party providers exercise due care to protect personal information.
Epsilon and its impacted customers, however, likely did not violate any laws because the stolen information was not connected to any other identifying data, for example Social Security or credit card numbers, Mackey said.
“It is admirable, in a sense, that the organizations did make this announcement that the information was compromised, even though they weren't forced by regulation to do so,” he added.