After Breach, Companies Warn of E-Mail Fraud
By MIGUEL HELFT April 4, 2011
SAN FRANCISCO - Security experts said Monday that millions of people were at increased risk of e-mail swindles after a giant security breach at an online marketing firm.
The breach exposed the e-mail addresses of customers of some of the nation's largest companies, including JPMorgan Chase, Citibank, Target and Walgreens. In some cases customer names were also stolen.
While the number of people affected is unknown, security experts say that based on the businesses involved, the breach may be among the largest ever. And it could lead to a surge in phishing attacks - e-mails that purport to be from a legitimate business but are intended to steal information like account numbers or passwords.
"It is clearly a massive hemorrhage," said Michael Kleeman, a network security expert at the University of California, San Diego.
The marketing firm that suffered the breach, Epsilon, which handles e-mail marketing lists for hundreds of clients, disclosed the problem in a brief statement on Friday. But its sheer scale became clear over the weekend and on Monday, as banks, retailers and others began alerting their customers to be on the lookout for fraudulent e-mails.
While e-mail addresses may not seem particularly vulnerable, experts say that if criminals can associate addresses with names and a business like a bank, they can devise highly customized attacks to trick people into disclosing more confidential information, a technique known as "spear phishing."