Attackers have walked away with a 'subset' of e-mail marketing firm Epsilon's customer database, exposing the contact details for customers of some high-profile brands to phishing attacks and spam.
According to the company's statement, a 'subset' of Epsilon clients' customer data was exposed following an unauthorised entry into the company's network by person or persons unknown. While the data leaked is believed to be limited to e-mail addresses and customer names, that's enough for security experts to predict a rise in targeted spam - and possibly 'phishing' attacks - against those whose details have been leaked.
Epsilon, which operates under the unfortunate-in-hindsight tagline 'marketing as usual - not a chance,' handles e-mail market for brands including hotel chain Marriott, bookseller AbeBooks, sports clothing giant Lacoste, financial services firm JP Morgan Chase, and others. Companies affected are believed to be e-mailing their users to alert them of the breach, as required by US law.
"Losing your email address to scammers and spammers is likely to mean a surge in spam to your account," warned security specialist Sophos's Paul Ducklin following Epsilon's announcement. "Losing your email address via a service to which you already belong makes it much easier for scammers to hit you with emails which match your existing interests, at least loosely. That, in turn, can make their fraudulent correspondence seem more believable."
The attack comes as travel review site TripAdvisor recovers from a similar attack in which customer e-mails were leaked, and demonstrates a growing trend for spammers to turn to hacking techniques to find valid e-mail addresses to bombard with suspicious offers.
Epsilon has stated that it is in the process of conducting a thorough investigation into the attack, but does not appear to know at this present time how the attackers were able to gain access to what should, in theory, be an extremely well protected part of the company's corporate network.