Epsilon Email Breach: What You Should Know

Millions of email addresses exposed by hackers.

ByABC News
April 4, 2011, 11:35 AM

April 4, 2011— -- If you're a customer of Walgreens, Best Buy, Citigroup or one of several other major U.S. companies, you might want to put your email inbox on high alert.

Over the weekend, those retailers were the latest on a growing list of big-name businesses to warn customers that computer hackers may have accessed their email addresses and names. All of the companies work with the Dallas-based online marketing firm Epsilon, which said Friday that its system had been breached, potentially exposing it's corporate clients' customer information.

When reached by ABCNews.com, a spokeswoman said she was unable to comment as the company conducts an investigation and cooperates with authorities. But in its statement, Epsilon, which sends 40 billion emails annually on behalf of more than 2,500 clients, said a subset of its' clients customer information was compromised in the data breach.

"The information that was obtained was limited to email addresses and/or customer names only," the company said. "A rigorous assessment determined that no other personal identifiable information associated with those names was at risk."

J.P. Morgan, Kroger's, Capital One Financial, Barclay's Bank, The College Board and TiVo are among the companies to acknowledge that their customers' data may have been accessed by hackers. (For an up-to-date list of confirmed companies affected by the attack, check out SecurityWeek's list here.)

While security experts say hackers are usually interested in more sensitive data than people's names and email addresses, they still warn that affected customers should be extra careful with their email.

Graham Cluley, a senior technology consultant with the security firm Sophos, said that although the Epsilon breach appears to have hit many well-known companies -- and their millions of customers -- at least the hackers didn't run away with credit card information or home addresses, which could be used to commit identity theft or make unauthorized purchases.

Customers with compromised email accounts could expect a surge in annoying spam to their inbox, he said, but the hack could have more insidious effects, too.

"The biggest danger here really is that spammers could then target you with email pretending to come from these organizations," Cluley said. "You might get fooled into being phished for your log-in information or being sent malware or a dangerous Web link."