The extent of a breach at email marketing vendor Epsilon is becoming clearer as major US retailers and banks roll out phishing alerts to customers.
Barclays Bank US (Delaware) was the latest major brand to warn customers their email details were compromised after Epsilon’s email database was hacked.
US-based Epsilon has offices in Australia, Asia and Europe. Some of its 2,500 clients that have already issued warnings include McKinsey Quarterly, JP Morgan Chase, Best Buy, TiVO, Walgreens, Ritz Carlton Rewards amongst others.
Security blogger Brian Krebbs has published a list of the current fall-out here.
Epsilon issued a brief statement on April 1 that “an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorised entry into Epsilon's email system.”
It said the attackers only obtained email addresses and customers names, but did not name which of its global client list were affected.
It’s unclear whether Australian customers were affected, however Eclipse’s Australian arm, Epsilon Interactive, included the US warning on its website.
The attack on a third party e-marketing vendor is reminiscent of the attack on a McDonalds’ supplier, which prompted the fast food giant's warning last December.
Despite persistent pressure from security vendors, Australian law makers have resisted introducing a compulsory data breach notification scheme similar to that adopted by many states in the US.