Arik Hesseldahl


Worries About Phishing Attacks Rise as Epsilon Data Breach Mess Goes On

The collateral damage from the data breach of the email marketing firm Epsilon continues to spread.

I’ve just heard from someone who says they’ve received an email from Crucial.com, the Web retailer of computer memory owned by the chipmaker Micron, that data on its users was compromised. I’ve also heard from customers of Fred Meyer, Fry’s, Brookstone, 1-800-Flowers and the recruiting firm Robert Half International saying they’ve received similar emails.

However, now we’re getting into phase two of this mess. Whoever the original attackers are, they may be starting to carry out phishing attacks against the people whose information was taken from Epsilon. There’s been at least one report out of North Carolina of emails going to customers of a Chase Bank that aren’t really from that bank. Given that phishing attacks are a daily occurrence, however, it’s hard to specifically pin down this one as being related to the Epsilon breach. But the fact that it’s being mentioned at all indicates how much anxiety about phishing attacks has escalated in the days since the breach was disclosed.

It being the height of tax season, Intuit, maker of TurboTax, the most popular tax preparation software on the market, published a security alert to its customers today. Though it’s not an Epsilon customer, it said that–given that so many banks are among those affected–it thought it should offer some tips on how to detect a phishing attack and what to do and not do. Its advice bears repeating: When in doubt, don’t click on links in an email sent by a bank, retailer or other institution.

Meanwhile, shares in Epsilon’s parent company, Allied Data Systems, don’t seem to be feeling any further ill effects from all the negative attention. Its shares finished the day up 38 cents to close at $84.12, and the stock is up about 16 percent since the start of the year. The company was in damage control mode today, saying that it was working with federal authorities and outside computer forensics experts to investigate how the breach happened and who did it and to ensure that additional security measures are put in place to make sure it doesn’t happen again.

And even though Epsilon represented about 22 percent of Allied Data’s revenues last year, the company said that it expects the incident to have “minimal if any impact” on its overall financial performance for the foreseeable future, and that the breach affects only about two percent of Epsilon’s total client base. That may not sound like a large number, but when you consider that Epsilon has about 2,500 clients, and that two percent of that is 50 companies, most of them large, household name companies, it’s hard to minimize the number of people potentially affected. Allied Data’s biggest concern now, it says, is to regain the trust of its clients–that is, the companies on whose behalf it sends marketing email messages.

