Recently, Epsilon, a leading marketing services firm notified clients of a possible data breach incident. The alert was issued after information security professionals identified unauthorized entry into Epsilon's e-mail system. Security professionals are investigating the incident. According to preliminary investigations, the unauthorized entry resulted in the disclosure of customer names and e-mail addresses. The firm has not divulged the number of customers affected, but has stated that the breach has affected around 2% of the company's clients. The company has over 2,500 clients and sends around forty billion e-mails to end-customers annually on behalf of the clients. Subsequent to the notification, several clients of Epsilon including McKinsey Quarterly, Kroger, JP Morgan Chase, Barclaycard U.S, Citigroup, Capital One, New York & Company, Walgreen and TiVo Inc. among several others alerted customers on disclosure of names and e-mail addresses. The companies have stated that no other personally identifiable and financial information has been disclosed. However, the clients are also conducting their own enquiries to confirm that no other personal and financial information was compromised.
Data infringement incidents may have adverse implications for the affected customers. The extracted information could be used to send spam e-mails. The gathered information could also be used to send phishing and spear phishing e-mails to entice customers to divulge more important information such as credit card details, social security numbers and mailing addresses.
Regular security assessment of computer systems and networks is crucial to detect and patch security flaws. Professionals qualified in computer science degree, penetration testing and security certifications may help in timely identification and mitigation of weaknesses in the information security infrastructure. Organizations suffering data breach incidents may have adverse business and legal implications. Clients utilizing the services of the targeted company may not extend, shorten or terminate their contracts, as they may lose customer trust and confidence.
Blogs, e-tutorials and online degree programs may be used to keep Internet users updated on latest security threats and implement safe computing measures. Affected individuals and Internet users must resist from replying to unsolicited e-mails, avoid clicking on links provided in e-mails from unknown sources and ignore e-mail attachments from unknown third parties.