Bank customers at risk after details are hacked
Tuesday 05 April 2011
Customers of many of the world's biggest banks and numerous other companies are being warned to expect fake emails trying to lure them to part with their log-in details, after what could be one of the biggest data breaches of the internet era.
The company at the centre of the incident, a Dallas-based email marketing firm called Epsilon, revealed last Friday that it had been the victim of a computer hacker, but the scale of the breach has only become clear as, one by one, some of the world's largest companies have alerted their customers.
The banks and other firms involved have all said that no customer account details were stolen, only email addresses.
The list of banks affected includes Citigroup, JP Morgan Chase, Capital One Financial and US Bancorp and Barclays' US credit card arm. American retailers involved include Walgreens, Best Buy and Kroger. Customers of Disney's travel business and TiVo, which sells digital video recorders, are also victims.
"Epsilon has assured us that the only information obtained was your name and email address," Barclays Bank of Delaware said in an email to its US credit card customers. "It is possible you may receive spam email messages as a result which could potentially ask you for additional information about your account. Please note, Barclays will never ask you in an email to verify sensitive information such as your full account number, username, password or social security number. Therefore, any email which does so should be treated as suspicious, even if it looks like it comes from Barclays."
The not-for-profit College Board, which administers the SAT admissions tests and has the email addresses of 7 million US students, asked students and parents to be cautious about receiving "links or attachments from unknown third parties". Millions of similar emails have been sent out by the firms affected in the days since Epsilon reported the security breach.
Internet scam artists routinely send emails to people, purporting to be from a large bank and asking them to log in at a site that looks like the bank's own website. Instead, the fraudulent site captures their log-in information and uses it to access the real account. The Epsilon data breach could make these so-called "phishing" attacks more efficient, by allowing the fraudsters to target people who they know really have an account with the bank.
Epsilon, a subsidiary of Nasdaq-listed Alliance Data Systems, is a digital marketing and data management firm that helps companies manage their email correspondence with customers. The company says it works on behalf of 2,500 clients and sends more than 40 billion emails each year, often email ads and offers, to people who register for a company's website or who give their email addresses while shopping.
Late last Friday, Epsilon disclosed that it had been the victim of a hacker. In a statement, it said: "On 30 March, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorised entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is under way."
The company has refused to comment but confirmed it is cooperating with law enforcement authorities who are investigating the breach.
- 1 Germanwings crash: Police make 'significant discovery' at home of co-pilot Andreas Lubitz
- 2 Germanwings captain Patrick Sondenheimer tried to break into locked cockpit door 'with an axe' as plane was descending
- 3 Zayn Malik already working on solo material, just days after quitting One Direction
- 4 The West has it totally wrong on Lee Kuan Yew
- 5 #FreeTheNipple: Women in Iceland bare breasts in solidarity with trolled student
Zayn Malik gives first interview since quitting One Direction: 'I've never felt more in control of my life'
Germanwings crash: Police make 'significant discovery' at home of co-pilot Andreas Lubitz
Germanwings captain Patrick Sondenheimer tried to break into locked cockpit door 'with an axe' as plane was descending
Saudi Arabia says it won't rule out building nuclear weapons
#FreeTheNipple: Women in Iceland bare breasts in solidarity with trolled student
Nigel Farage brands LGBT activists 'filth' and 'scum' and accuses them of scaring away his children after they invade his local pub
Ukip supporters are 55 or older, white and socially conservative, finds British Social Attitudes Report
JK Rowling responds to fan tweeting she 'can't see' Dumbledore being gay
Russia threatens Denmark with nuclear weapons if it tries to join Nato defence shield
Jeremy Clarkson sacked live: Alan Yentob 'wouldn't rule out' ex Top Gear host's BBC return
Germanwings plane crash live: Andreas Guenter Lubitz intentionally crashed flight 9525 into the Alps in act of mass murder and suicide – latest
iJobs Money & Business
Negotiable: Recruitment Genius: To provide a prompt, friendly and efficient se...
Negotiable: Recruitment Genius: You will be the first point of contact for all...
£18000 - £24000 per annum + benefits: Ashdown Group: HR, Payroll & Benefits Of...
£35000 - £38000 per annum + benefits : Ashdown Group: A highly successful, int...