Email Provider Epsilon Responsible For Gigantic Security Breach

 

Epsilon, the world’s largest permission-based email marketing services company that serves TiVo users and many more, reported a breach in its security Friday, and the list of companies affected keeps on growing.
TiVo users had a rude awakening this morning, finding out the email address they’d given to TiVo as part of their account registration had been compromised.
According to SecurityWeek, Epsilon is currently disclosing even more companies whose email marketing lists had been compromised. Noticing the problem first with grocery retailer Kroger, Epsilon continues releasing company names that were affected by the breach. Here’s the list gathered so far:

• Kroger
• TiVo
• US Bank
• JPMorgan Chase
• Capital One
• Citi
• McKinsey & Company
• Ritz-Carlton Rewards
• Marriott Rewards
• New York & Company
• Brookstone
• Walgreens
• The College Board (added 4/3 @8:20am)
• Home Shopping Network (HSN)(added 4/3 @10:22am)
• LL Bean (added 4/3 @1:20pm)
• Disney Destinations (added 4/3 @1:20pm)
• Barclays Bank of Delaware (added 4/3 @1:20pm)

Considering that Epsilon has more than 2,500 clients sending 40 billion emails each year, this list could keep growing.
TiVo tried to sooth victims, saying the release of personal data “was limited to first name and/or email addresses only.” Here’s the email we received from TiVo this morning:
While TiVo attempts to minimize the implications of this security breach, email addresses are now in the hands of those who would break into the database of a huge email conglomerate. This means those addresses might be targeted with phishing schemes, spam, and other annoyances.
Now that they have a list of confirmed email addresses, those spammers and other miscreants will have much better success at targeting their victims.
Other organizations such as Citi, Marriott Rewards and Ritz-Carlton Rewards also warned their users, with lots more warnings probably on the way.