A massive breach has been reported at a internet marketing firm, Epsilon, which manages marketing for a host of brands. Various types of personal identifiers have be stolen including emails, addresses and phone numbers. This information we expect to be sold on the black market and used for various types of phishing. Below is a list of the brands currently listed.
The major danger is that the information may be used in an attack that targets a select group of individuals. This impact of this breach going forward will be major with long lasting implications. This includes the organizations which are the brands and the users who shared their information knowingly or unknowingly.
We recommend the follow for Organizations:
- Find out if employees have used any of these brands and provided their work email employees should inform the responsibly parties for security (ISO) immediately.
- Offer employees amnesty from discipline for providing this information if using work email for this kind of activity is prohibited.
- Consider using extra proxing and filtering on accounts which may have been discovered used by users/employees.
- Explain to employees that if they used their work emails for any of the brands listed below they need to be at a heightened state of awareness.
- Be on a heighten state of alert for phishing using attachments that include Flash files.
- For employees who do not need Flash to accomplish their jobs remove Flash.
- For groups or departments that need Flash for business functions use stricter ingress and egress filtering.
- Consider strict silo methods for departments that need Flash for business functions from internal systems.
Additional recommendations for individuals:
- Never share any personal information via email with credit card companies, phone companies, banks, grocery stores or retailers.
- Make sure to change any passwords which may have been used on the sites associated with the brands listed below.
- If you received notice of this compromise from the brands in question notify your employer, especially if you used any information about your employment.
- Be aware of the kind of information that may have been compromised by reading below.
- Keep in mind that a email offering information that sounds too good to be true most likely is malware.
Brands that have been compromised:
- Brookstone
- Citi
- Capital One
- JP Morgan Chase
- Tivo
- HSN (Home Shopping Network)
- McKinsey & Company
- Ritz-Carlton Rewards
- Walgreens
- The College Board
- New York and Company
- Marriott Rewards
Some of the personally identifiable information Epsilon Sells:
- Age
- Childern
- Email Address
- Mail Order Addresses
- Professions
- Astrology
- Computer Type
- Ethnic Information
- Religion
- Business type
- Insurance preferences
- Pets
- Residence
- Buyer of household
- Donor information to charities
- Lifestyle
- Political Affiliations
- Senior information age
Epsilon's Product Data Cards (Types of Data):
- American Smokers Registry
- BusinessClass List Builder From Equifax
- Epsilon TargetSource US - Ailments/Health
- Epsilon TargetSource US - Avid Readers
- Epsilon TargetSource US - Charitable Donors
- Epsilon TargetSource US - Collectors
- Epsilon TargetSource US - Computer and Internet Users
- Epsilon TargetSource US - Cooking and Culinary
- Epsilon TargetSource US - Financial Services Sector
- Epsilon TargetSource US - Gardening Enthusiasts
- Epsilon TargetSource US - Higher Education
- Epsilon TargetSource US - Hobbies and Interests
- Epsilon TargetSource US - Home Electronics
- Epsilon TargetSource US - Mail Order Buyers
- Epsilon TargetSource US - Outdoor Enthusiasts
- Epsilon TargetSource US - Scrapbooking and Crafts
- Epsilon TargetSource US - Sports
- Epsilon TargetSource US - Women at Home
- High-Tech Connect Formerly From Equifax
- ICOM Home Based Business Entrepreneurs
- ICOM Self Employed Entrepreneurs
- ICOM Target NewMover - PreMover Data
- ICOM Target NewMovers
- ICOM TargetPlus [formerly Advantage Choice] - Financial
- ICOM TargetPlus [formerly Advantage Choice] - Masterfile
- ICOM TargetPlus [formerly Advantage Choice] - New Parents
- ICOM TargetPlus [formerly Advantage Choice] - Real Property
- ICOM TargetPlus [formerly Advantage Choice] - Survey
- ICOM TargetPlus [formerly Advantage Choice] -Transactional Mail Order
- ICOM TargetSource Canada - Adults Ages
- ICOM TargetSource Pet Owners
- ICOM TargetSource U.S. - Avid Readers
- COM TargetSource U.S. Ailments and Health
- ICOM TargetSource U.S. Charitable Donors
- ICOM TargetSource U.S. Collectors
- ICOM TargetSource U.S. Computer and Internet Users
- ICOM TargetSource U.S. Education
- ICOM TargetSource U.S. Finance and Investing
- ICOM TargetSource U.S. Hobbies and Interests
- ICOM TargetSource U.S. Household Items
- ICOM TargetSource U.S. Sports
- ICOM TargetSource US - Diet and Health
- ICOM Targetsource US - Grandparents
- ICOM TargetSource US - Homeownership
- ICOM Targetsource US - Masterfile
- ICOM TargetSource US - Music Preferences
- ICOM TargetSource US - Travelers
- ICOM TargetSource US - Vehicle
- ICOM Weekly New Movers
- Permission! Formerly from Equifax
- Residential Property Plus Formerly From Equifax
- Rx Selector Formerly From Equifax
- Small Area Characteristics Database
- TargetPoint In-Market Formerly From Equifax
- TargetPoint New Movers Formerly From Equifax
- The Lifestyle Selector Formerly From Equifax
- The Response Selector Formerly From Equifax
- The SOHO Selector Formerly From Equifax
- TotalSource XL Formerly From Equifax