How to Protect Yourself From the Epsilon Security Breach

As most of you know by now Epsilon, one of the largest email marketing companies, was affected by a major security breach that resulted in the compromise of the email lists of some of its clients, including JPMorgan Chase, Capital One, TD Ameritrade, and Citi.

Epsilon released a statement announcing that approximately 2% of its client base was affected by the breach. This equates to about 50 of its approximately 2,500 clients being impacted. The names of the companies impacted by the breach are slowly being released by Epsilon (see a list below), and it is expected that the list will slowly grow over time.

The World Financial Network National Bank (WFNNB) is the latest to be affected by this security breach. WFNNB issues The Limited Credit Card, as well as many others. Here is the statement WFNNB released to its customers:

WFNNB Epsilon security breach email notification

Protecting Your Personal Information

Only the names and email addresses of customers have been compromised in most cases. This means that the threat is relatively low for those of us that practice good security. However, there is still a threat. Here is what you may see if you are the customer of one of the affected brands, and what you can do to protect yourself.

Spam. The most common issue you’ll face is an increase in spam. Although spam is annoying, it is not a huge security threat as long as you don’t open the emails. Keep in mind that most email services have fairly good spam filters, so even though there may be an increase in the amount of spam sent to you, you may not even notice it if your email spam filters are any good. This may be a good time to check your spam filter settings, and improve the security if you feel you’ve been getting too much spam lately.

Brute Force Password Attacks. There’s also the possibility that spammers could attempt to brute force passwords. Given a valid email address, spammers can run a script that will attempt to guess the password associated with that email address. Weak passwords are much more vulnerable to brute force attacks than strong passwords. Weak passwords are those that have few characters, contain dictionary words, contain names, contain no numbers or special characters, and are all lower case.

If you have a weak password, make sure you change it. This includes using your name, or a variation of it, as your password. Remember, in the case of the Epsilon security breach, the thieves also walked away with customer names, so that may be the first thing they try.

Targeted Phishing Attacks. The biggest threat will come from targeted phishing attacks, known as spear phishing. Phishing campaigns are common place for spammers, even if they don’t know if a particular person is affiliated with the brand they are targeting. In this case they have targeted customer lists for each brand, along with each customer’s name. This makes their job infinitely easier. Because customers expect to see emails from these companies, the email open rates will be much higher. And if the spammers can make the emails look legitimate by, for example, using the customer’s name, they will have a much higher success rate.

You can protect yourself from phishing attacks by not clicking on links in emails claiming to be from legitimate companies, like your bank. You should be even more skeptical if the email claims that you need to type in, or verify, your login credentials, or other personal information. Banks, credit card companies, and just about any other respectable company will never ask you for personal information via email. Instead of clicking on links contained in the email, type in your bank’s website URL directly in your browser, or call them to confirm the email.

Even better, to protect yourself against phishing and spear phishing attacks, use a Remote Browser Isolation solution for the best protection.

List of Affected Companies

This is the current list of companies that have been affected by the Epsilon breach. Look over the list, and be extra vigilant if you have given any of these companies your email address in the past. Please note that this is not an all inclusive list, as new companies are slowly being announced by Epsilon.

Air Miles
Ameriprise Financial
Bebe Stores
Best Buy
Capital One
City Market
Dell Australia
Disney Destinations
Eddie Bauer
Eileen Fisher
Ethan Allen
Fred Meyer
Hilton Honors Program
Home Shopping Network (HSN)
Jay C
JPMorgan Chase
King Soopers
LL Bean Visa Card
Marks & Spencer
Marriott Rewards
McKinsey & Company
New York & Company
Red Roof Inn
Ritz-Carlton Rewards
Robert Half
Smith Brands
TD Ameritrade
The College Board
US Bank
World Financial Network National Bank (WFNNB)

Are you receiving more spam than usual because of the Epsilon security breach? Have other companies been affected by the breach that are not listed above? Let us know in the comments.

Leave a Reply

Your email address will not be published. Required fields are marked *