Flowers for Epsilon

If you are a consumer who has ever bought anything online, you likely received an email like the following:

If you are a consumer who has ever bought anything online, you likely received an email like the following: Dear Customer: One of our email service providers, Epsilon, has informed us that we are among a group of companies affected by a data breach that may have exposed your email address to unauthorized third parties. It's important to know that this incident did not involve other account or personally identifiable information. We use permission-based email service providers such as Epsilon to help us manage email communications to our customers. We take your privacy very seriously and we work diligently to ensure your private information is always protected. Epsilon has assured us that no private information, other than your email address, was involved in the incident. We regret any inconvenience that this may cause you. Because of this incident, we advise you to be extremely cautious before opening emails from senders you do not recognize. We thank you for your understanding in this matter. Sincerely, Bibi Brown Director, Customer Service Security & Privacy Apparently marketing services provider Epsilon was affected by what's being dubbed a "spear-phising" hack in which major corporations' customer emails were stolen: The breach, disclosed in stages since Friday, involved the Epsilon unit of Alliance Data Systems Corp, which said some clients' customer names and email addresses were obtained via an "unauthorized entry." Companies that have said they were exposed since then include banks Citigroup Inc and Capital One Financial Corp, and retailers Walgreen Co and Best Buy Co. Compromised files apparently did not include the payment card data that has created scares in the past, such as at retailer TJX Cos. But security experts said just having email addresses -- plus knowing where someone shops -- can help thieves write more sophisticated emails to steal financial data or spread malicious software, or malware. That practice -- using emails that appear to come from a trustworthy source to steal data -- is sometimes known "spear-phishing" because such emails are more focused than traditional "phishing" emails. This is being called "the largest data breach in US history" by some analysts. I suppose we'll see as the details continue to unfold- particularly what security measures Epsilon had in place at the time of the breach...