April 4, 2011

Epsilon Data Breach

Carl Leonard Principal Security Analyst

On Friday 1 April 2011, Epsilon, a marketing services firm, notified their customers of "unauthorised entry into email system".  Their press release can be seen here.


The press release advises that the information stolen during the attack included only customer email addresses and customer names and didn't include any other personal or financial information. In the wrong hands, however, even this limited amount of information can have consequences for those to whom the data pertains.  We shall explore some typical scenarios below.


What does this mean to Epsilon's customers?

Many well-known brands in the hotel and leisure, entertainment, and retail industries (to name but a few) use Epsilon's services to send marketing emails to their customer base. It would appear that the list of customer contacts was the very information that was stolen, and we are starting to see affected businesses advising their customers of the issue. We commend them for doing so.


What does this mean to you as a customer of one of Epsilon's clients?

It has been proven that attackers have better success rates when they know more about the victims they are targeting. In this case, attackers may use the knowledge that a victim is signed up to one or more of these services to lure them. Lures may also refer to this breach itself to entice users. So it's very likely that we will see spear-phishing attacks sent to these email addresses: spam or malicious emails whose language and layout are closely targeted to the victim. An attacker with this information might, for example, know which hotel chain you prefer, which bank you use, and your favorite electronics store.

In addition, attackers may use this breach to obtain other valuable information from victims, such as bank details, account passwords, and other sensitive data, by crafting very specific and targeted emails.

Our ThreatSeeker® Network is scanning for attacks in the wild that are using the stolen data to lure victims, and we will update this blog when we find these attacks. 

Brian Krebs has a timeline of when companies disclosed this data breach on his website, KrebsOnSecurity. A number of high-profile global clients have been affected.
