Security Blog

securityflaws
The Security Blog is written by our team of editors and includes thought provoking opinions, trends, and essential security information for security executives.

Biggest Security Breach Ever? Third Party of Big Businesses Hacked

Reputations Can Be Harmed

The names and e-mails of customers of Citigroup Inc and other large U.S. companies, as well as College Board students, were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon. In what could be one of the biggest such breaches in U.S. history, a diverse number of companies that did business with Epsilon stepped forward over the weekend of April 3 to warn customers some of their electronic information could have been exposed. Drugstore Walgreen, Video recorder TiVo Inc, credit card lender Capital One Financial Corp, and teleshopping company HSN Inc all added their names to a list of targets that also includes some of the nation’s largest banks. The names and electronic contacts of some students affiliated with the U.S.-based College Board which represents some 5,900 colleges, universities and schools were also potentially compromised. No personal financial information such as credit cards or social security numbers appeared to be exposed, according to the company statements and e-mails to customers. Epsilon, an online marketing unit of Alliance Data Systems Corp, said April 1 that a person outside the company hacked into some of its clients’ customer files. The vendor sends more than 40 billion e-mail ads and offers annually, usually to people who register for a company’s Web site or who give their e-mail addresses while shopping. Law enforcement authorities are investigating the breach, though it was unclear April 3 how many customers or students had been exposed. Epsilon is also looking into what went wrong.