Breach in e-mail security leads to possible scams

Monday, April 4, 2011 | 12:25 p.m. CDT

NEW YORK — With the possible theft of millions of consumer e-mail addresses from an advertising company, several large companies have started warning customers to expect fraudulent e-mails that try to coax account login information from them.

A dozen companies said over the weekend that hackers may have learned their e-mail addresses because of a security breach at a Dallas-based company called Epsilon that manages e-mail communications.

Among the affected companies are banks such as Capital One Financial Corp., Barclays Bank, U.S. Bancorp and Citigroup Inc., JPMorgan Chase & Co., and retailers including Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.

The College Board, the not-for-profit organization that runs the SATs, also warned that a hacker may have obtained student e-mail addresses.

Walt Disney Co.'s travel subsidiary, Disney Destinations, sent e-mails warning customers Sunday.

Epsilon said Friday that its system had been breached, exposing e-mail addresses and customer names but no other personal information.

The e-mail addresses could be used to target spam. It's also a standard tactic among online fraudsters to send e-mails to random people, purporting to be from a large bank and asking them to log in in at a site that looks like the bank's site. Instead, the fraudulent site captures their login information and uses it to access the real account.

The data breach could make these so-called "phishing" attacks more efficient, by allowing the fraudsters to target people who actually have an account with the bank.

Epsilon, a unit of Alliance Data Systems Corp., sends more than 40 billion e-mails annually and has more than 2,500 clients.

Shares of the parent company fell $3.82, or 4.45 percent, to $82.11 in morning trading Monday.

Like what you see here? Become a member.

Show Me the Errors (What's this?)

Report corrections or additions here. Leave comments below here.

You must be logged in to participate in the Show Me the Errors contest.


Leave a comment

Speak up and join the conversation! Make sure to follow the guidelines outlined below and register with our site. You must be logged in to comment. (Our full comment policy is here.)

  • Don't use obscene, profane or vulgar language.
  • Don't use language that makes personal attacks on fellow commenters or discriminates based on race, religion, gender or ethnicity.
  • Use your real first and last name when registering on the website. It will be published with every comment. (Read why we ask for that here.)
  • Don’t solicit or promote businesses.

We are not able to monitor every comment that comes through. If you see something objectionable, please click the "Report comment" link.

You must be logged in to comment.

Forget your password?

Don't have an account? Register here.