There's this company called Epsilon that's a big player in the corporate email marketing business — $500 million a year in revenues, huge corporate clients, "more than 40 billion emails annually."
As you'd imagine, Epsilon has lots and lots of email addresses in its database. So it's worth noting that some of those names and email addresses "were exposed by an unauthorized entry into Epsilon's email system."
Banks, grocery stores, drug stores and hotels are among the companies whose customers' email addresses may have been stolen. According to SecurityWeek, the companies include:
- US Bank
- JPMorgan Chase
- Capital One
- Home Shopping Network (HSN)
- Ameriprise Financial
- LL Bean Visa Card
- McKinsey & Company
- Ritz-Carlton Rewards
- Marriott Rewards
- New York & Company
- The College Board
- Disney Destinations
- Best Buy
The companies are now alerting their customers with statements like this one from JPMorgan Chase, which seem to serve three functions:
1. Put the blame squarely on Epsilon.
we were informed by Epsilon, a marketing vendor we use to send e-mails, that an unauthorized person outside their company accessed files that included e-mail addresses of some Chase customers
2. Point out that customers' financial data was apparently not exposed.
the files that were accessed did not include any customer financial information, but are actively investigating to confirm this
3. Warn customers against phishing scams.
Chase will never ask customers for personal information or credentials in an email.