Note from me: If you've received even one of these warnings, you should read this post.
______________________________________________________________________
If you haven't yet received an email message from a major company, warning that your email address may have been compromised, you will.
<snip>
On April 1, online marketing firm Epsilon Data Management -- InfoWorld curmudgeon-in-residence Robert X. Cringely calls them "spammers in expensive suits" -- sent out a press release saying that "a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."
On April 4, Epsilon updated the press release, adding this puzzling footnote: "The affected clients are approximately 2 percent of total clients and are a subset of clients for which Epsilon provides email services." I'll talk about that in a moment.
<snip>
Epsilon is also mum on the question of whether the stolen data could be associated with a specific Epsilon customer. Having a list of 100,000 email addresses is one thing. Having a list of 100,000 valid email addresses from JPMorgan customers opens up an entirely different realm of possibilities.
That raises yet another question. If zillions of email addresses were stolen, and the thief or thieves can't tell which Epsilon customer they came from, what is Epsilon doing, sitting on a big pool of undifferentiated email addresses and names?
<snip>
http://www.infoworld.com/t/phishing/epsilons-epic-fail-the-numbers-dont-add-177
Epsilon Breach Raises Specter of Spear Phishing
Security experts are warning consumers to be especially alert for targeted email scams in the coming weeks and months, following a breach at a major email marketing firm that exposed names and email addresses for customers of some of the nation’s largest banks and corporate brand names.
<snip>
Rod Rasmussen, chief technology officer at Internet Identity and the industry liaison for the Anti-Phishing Working Group, believes that the Epsilon breach will lead to an increase in “spear phishing” attacks, those that take advantage of known trust relationships between corporations and customers by crafting personalized messages that address recipients by name, thereby increasing the apparent authenticity of the email.
<snip>
List of known Epsilon customers:
■1800-Flowers
■Abe Books
■Air Miles CA
■Ameriprise Financial
■Barclays Bank of Delaware
■Beachbody
■Bebe Stores Inc.
■Benefit Cosmetics
■BestBuy
■Brookstone
■Capital One
■Charter Communications (Charter.com)
■Chase
■Citibank
■City Market
■The College Board
■Crucial.com
■Dell Australia
■Dillons
■Disney Vacations
■Eurosport/Soccer.com
■Eddie Bauer
■Food 4 Less
■Fred Meyer
■Fry’s
■Hilton Honors
■The Home Shopping Network
■Jay C
■JP Morgan Chase
■King Soopers
■Kroger
■LL Bean
■Marks & Spencer (UK)
■Marriott Rewards
■McKinsey Quarterly
■Moneygram
■New York & Co.
■QFC
■Ralphs
■Red Roof Inns Inc.
■Ritz Carlton
■Robert Half
■Smith Brands
■Target
■TD Ameritrade
■TIAA-CREF
■TiVo
■US Bank
■Verizon
■Viking River Cruises
■Walgreens
■World Financial Network National Bank
http://krebsonsecurity.com/2011/04/epsilon-breach-raises-specter-of-spear-phishing