- Man arrested in car bomb plot at Kansas airport
- Prison inmates take up ‘Knockout’ game, target female officers
- U.S. Army hails success with drone-shooting laser
- John Kerry: Israel-Palestinian peace deal paved for April
- India diplomat who touts women’s rights busted for $3 wage to nanny
- MSNBC host Ed Schultz paid $252K by unions in 2012-2013
- Korean War memorial ordered to take down Christian cross
- Billy Graham near death, ‘close to going home to be with the Lord’
- SeaTac, Wash.: City’s new $15 minimum wage heads to court
- Obama mulls support for Islamists in Syria, with conditions
Targeted nature of email breach worries experts
“U.S. Bank sends you an email and it looks legit and you cough up the information, and now you’re in big trouble. It sure does sound like a big increase in fraud just waiting to happen,” Kocher said.
The attack offers a window into a business that serves a vital role in the Internet age for companies looking for effective ways to find customers, sell to them, and figure out what they might want to buy in the future.
Companies like Epsilon send emails to customers on behalf of companies, using vast stores of data and millions of addresses. Companies are eager to give up information about their customers _ if the third parties such as Epsilon can do a better job at enticing them to spend.
So for example, an email that a retailer blasts to customers about an upcoming sale on big-screen TVs might not actually come from the company at all. A company such as Epsilon might be the one that analyzed the spending of that store’s customers and decided which ones would be most likely to buy a big-screen TV.
Dave Frankland, an analyst with Forrester Research who studies Epsilon and other businesses that specialize in “customer intelligence,” said large companies often outsource their email marketing to avoid being having their messages zapped by email service providers’ spam filters. Companies such as Epsilon work with the email providers to ensure that their customers’ messages aren’t blocked as spam. He said that is a job that requires daily attention.
“At first glance, I shrug my shoulders and go, `Oh my goodness _ a spammer knows my name,’” he said. “I get enough spam; that isn’t new. But the bigger concern is when someone gets an email from one of these blue chip companies and it looks genuine. That’s when I get very concerned.”
But he added: “The industry should be looking at this as a let-off. This could have been a heck of a lot worse. It’s not just Epsilon _ it’s an industry issue, and this could have been any of them.”
Breaches involving millions of customers have happened before. In one of the largest, more than 45 million credit and debit cards were exposed to possible fraud because of hackers broke into the computer system of TJX Cos., the parent company of retailers T.J. Maxx and Marshall’s, starting in 2005.
And last month, RSA, the security division of data storage company EMC, acknowledged that its computer network was hacked. The implications are serious because RSA’s technology underpins the security of some of the world’s most closely guarded data. RSA makes small security devices that supply constantly changing numbers that are used as secondary passwords for accessing corporate networks and email.
If the attacker managed to steal the codes that determine which numbers appear on the tokens, that information could be used to perform mass infiltrations _ if the attacker already has other information about the targets. That information can be gleaned from the type of “spear phishing,” or targeted phishing, emails that the Epsilon breach can enable.
“I’m a little concerned that there’s a big pattern going on here of very major breaches, where if you combine that information together, you could launch some pretty major attacks that would be very successful,” Jevans said.
Svensson contributed from New York. AP Technology Writer Rachel Metz in San Francisco and AP Business Writers Michelle Chapman, Pallavi Gogoi, Eileen AJ Connelly and Christine Rexrode in New York contributed to this report.
By Mangosuthu Buthelezi
Memories of a long brotherhood tempered in common struggle
- U.S. Army hails success with drone-shooting laser
- U.S. Navy-China showdown: Chinese try to halt U.S. cruiser in international waters
- 'Active shooter' injures two at Colo. school; gunman on the loose
- Obama birther theories float as Hawaii health director killed in crash
- Billy Graham near death, close to going home to be with the Lord
- Obama's Afghanistan experts stumped on U.S. death toll, war costs during hearing
- U.S. pilot scares off Iranians with 'Top Gun'-worthy stunt: 'You really ought to go home'
- Obamas call to close Vatican embassy is 'slap in the face' to Roman Catholics
- North Korea's official report on Jang Song Thaek
- House budget bargain faces Senate filibuster; Republicans line up to oppose
Independent voices from the The Washington Times Communities
Musings of a bilingual, agnostic, combat veteran and jewelry maker.
Topics will include politics, religion, race, culture, and anything else that needs to be discussed...
Our Choice: Individual responsibility and self-government or the abandonment of the American Revolution
Extraordinary day at Redskins Park
White House pets gone wild!
Let it snow