Monday, April 4, 2011

Marketing firm Epsilon discovers its data files have been compromised; companies scramble to inform customers

Customers were informed yesterday and this morning that their email addresses are now out in the open following a breach in security at Epsilon, a marketing services firm. Customers of such companies as Chase, Best Buy, Kroger, Capitol One, Citigroup, Ameriprise and Barclays are scrambling to notify their customers that their email addresses have been accessed. The U.S. College Board is also a customer of Epsilon and this morning informed students that have signed up at the website to take the SAT that their information has been accessed.

The breach is being called the biggest email security breach in US history.

Many of the customer notices are almost identical: Barclays Bank of Delaware issued a press release stating that its vendor Epsilon has informed them that "someone 'outside their company' gained unauthorized access to files in their systems that included a large number of email addresses," the bank said in its statement.

Chase send emails to customers stating that "Epsilon, vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers."

Epsilon conducts email marketing campaigns for hundreds of customers, sending out billions of marketing emails each year. According to a statement issued by Epsilon on Friday, the company became aware of the security leak two days earlier on March 30.