Other Menus

280 Group Optimal Product Management Blog
Welcome to our Product Management Blog!

Massive theft of email addresses from online marketing firm Epsilon could lead to increase in “spear phishing”

“Spear Phishing” is a very dangerous threat to users, because the spammer sending out the  “phish” is trying to lure you to a fake version of a well-known website and knows that already you are a customer or user of that website.  Phishing is general is a technique to get users to reveal login IDs and passwords, bank account or credit card numbers, to steal your money, plain and simple.

Over the weekend, it was announced that online marketing company Epsilon suffered a data breach that allowed hackers to steal millions of email addresses used by companies in their online marketing campaigns.  Affected banks include Citibank, JPMorganChase, Barclays Bank, US Bancorp.  Other affected companies include Target, Walgreens, Walt Disney, Marriotts, Hilton Hotels, Ritz-Carlton, Best Buy, L. L. Bean, Home Shopping Network, and TiVo.  The College Board was also affected.

What does this mean for you as a consumer?  From now on, when you receive an email from any of these companies (and probably others), you should NOT click through any links contained in the email.  Go directly to the company’s website, starting at the home page, and then search for the offer or the announcement that interests you.

What does this mean for the affected companies.  (1) Time to get a new online marketing vendor.  (2) A probable loss in the effectiveness of your online marketing campaigns, at least for email, and (3) it is important to get out in front of this issue, so your customers don’t get victimized by scams.

This is a story in progress, and we will probably see more bad news for at least a few days.

, , ,

2 Responses to Massive theft of email addresses from online marketing firm Epsilon could lead to increase in “spear phishing”

  1. Brian Lawley Apr 6, 2011 at 2:33 pm #

    I was notified about this and am not happy.

    I suspect that Epsilon and all of the breached companies will be facing very large class-action suits.

    Significant fear of financial loss will motivate companies to ensure that adequate security measures are put in place.

  2. Phil Burton Apr 6, 2011 at 6:54 pm #


    I wish I could say that a breach like this will motivate _ some _ companies to put in adequate security measures. In the health care field, HIPPA mandates patient privacy, but lots of companies are taking a wait-and-see attitude.

    Also, hospitality industry companies are not investing enough in payment system security, even though they handle large numbers of transactions daily.

    What _ might _ happen is a strong consumer backlash, leading to congressional hearings about protecting consumer information.

What are your thoughts? We'd love to hear from you!