Identity Theft Stories

Internet marketing giant Epsilon suffered a major data breach over the weekend, as names and email addresses were stolen in a series of hacking attacks affecting at least 19 of its client companies.

In a statement to its clients, Epsilon assured that highly sensitive information had not been stolen by hackers.

“The information that was obtained was limited to email addresses and/or customer names only… A full investigation is currently underway,” the statement read.

But experts say that the stolen information may be enough for the hackers, according to Reuters:

…security experts said just having email addresses — plus knowing where someone shops — can help thieves write more sophisticated emails to steal financial data or spread malicious software, or malware.

That practice — using emails that appear to come from a trustworthy source to steal data — is sometimes known “spear-phishing” because such emails are more focused than traditional “phishing” emails.

Epsilon works with more than 2,500 clients and sends more than 40 billion emails annually. The company is the world’s largest permission-based email marketer.

So far, the following companies have confirmed a security breach, according to CNET – Kroger,TiVo, US Bank, JPMorgan Chase, Capital One, Citi, Home Shopping Network, Ameriprise Financial, LL Bean Visa Card, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens. The College Board, Disney Destinations, and Best Buy.