Last week, Epsilon was a little-known e-mail marketing firm, a behind-the-scenes player in the Web-marketing world. This week, it's held a prominent place in the headlines as the target of a massive data breach that exposed names and e-mail addresses for a broad swath of customers at dozens of prominent companies.
E-mails from the likes of Citibank, Chase, Capital One, Walgreens, Target, Best Buy, TiVo, TD Ameritrade, Verizon, and Ritz Carlton--have been flooding in-boxes since Epsilon announced its system had been breached. Some people (this writer included) have reported receiving as many as four of these warnings.
Breach exposes clients' customer names, e-mail
Companies like Citibank and Walgreens are household names, but little was known about Epsilon and how it accesses customer data. But Epsilon is actually one of a growing number of firms that offer outsourced services to help companies attract and keep customers. In addition to offering e-mail marketing services and managing customer e-mail databases for clients, it monitors social networking and other sites to see what people are saying about a company, advises on markets to target, helps develop and maintain customer loyalty programs, and more.
Epsilon has apologized, but so far, the only key information it has provided about the incident is that names and e-mail addresses of a "subset" of its 2,500 customers were exposed in the breach, which was detected on March 30. It's unclear how many of Epsilon's clients and how many of their customers are affected, but a tally being kept at Databreaches.net was up to 57 today. Epsilon says it's working with federal authorities and outside forensics experts on the investigation and has reviewed its security protocols controlling access to the system and further restricted them.
CNET to the Rescue Ep.41: Band-Aids for the Epsilon boo-boo
Later in the week, we learned that Epsilon partner Return Path, which offers e-mail monitoring services, had warned late last year that thousands of e-mail addresses were stolen in a broad phishing campaign that targeted e-mail service providers. While it is unclear whether Epsilon was affected by the phishing attacks last year or how it was compromised in the latest incident, there is some indication that this may not be the first data breach at the company.
Meanwhile, the Comodo hack from a couple of weeks ago, which let a hacker spoof digital security for Google.com, Yahoo.com, and other Web sites is still making news, as it prompts browser makers to rethink security.
Comodo hack may reshape browser security"
Comodo hacker says he's protesting U.S. policy
Roundup: Behind Comodo hack, an insecure Web
T.J.Maxx hacker says feds gave him the OK
Report: Google and DOJ close to ITA settlement
Report: Sprint also planning mobile payment service
Android hardware partners. But where there's smoke, there are probably at least smoldering coals.
Gartner: Android market share to near 50 percent
Privacy dispute tests Obama's earlier promises
How I nearly got scammed on Facebook
Federal Web sites may go dark in shutdown
FTC to investigate Google's search dominance
White House pushes for incentive spectrum auctions
Court tosses Verizon, MetroPCS suits against FCC
Mobile apps accused of privacy violations
Video: Mobile apps accused of privacy violations
Report: YouTube to offer original content
YouTube opens up live streaming to partners
Netflix acquires rights to stream 'Mad Men'
Some indie studios wary of Netflix partnership
Microsoft tries to polish Silverlight's future
Flash use dips at top Web sites
Films from 3 studios come to Dish streaming
Bing's iPad app takes aim at Safari
Report: Apple orders 12 petabytes of storage
Report: iOS 4.3.2 coming soon
Bill Joy chases green-tech breakthroughs
Microsoft and Toyota partner on smart-grid tech
Microsoft tries plan B with Hohm energy app
tablets. But Chrome OS competes not just with Apple's iPad, but also Google's own Android OS for tablets.
Google boots Grooveshark from Android Market
Grooveshark 'surprised' by Google snub
Also of note
HP suing former exec over theft of trade secrets
Larry Page, here's your six-month plan
Expedia to split into two companies
With Virgin Oceanic, Branson plans to get deep
SF gives preliminary OK to payroll tax break for Twitter Updated April 11 at 11:08 a.m. PT to remove reference to American Express from list of companies affected.