Email marketing vendor Epsilon said late last week that it detected a security breach March 30 that compromised the names and email information of several clients’ customer databases.
Epsilon said April 6 that the breach affected about 2% of its total client base, and that no personal identifiable information, such as Social Security numbers, credit card numbers or account information, was accessed. The company also said in a statement that it restarted marketing campaigns as a result of the data breach.
Impacted companies include JPMorgan Chase & Co., Walgreens, Best Buy, Ameriprise Financial and TiVo, according to media reports.
An Epsilon representative referred requests for comment to a statement released by the company April 1, but declined to share information about “impacted or non-impacted clients.” The representative said Epsilon is conducting a full investigation and is “cooperating with authorities.”
A “rigorous assessment” found that only email addresses and customer names were exposed in the security breach, according to Epsilon’s statement.
Numerous companies have notified their customers of the incident. For instance, Best Buy tweeted a link to a statement that said the retailer “is actively investigating the incident and Epsilon is conducting its own comprehensive investigation in cooperation with the appropriate authorities.”
Ameriprise Financial notified customers April 3 about the breach and warned them not to respond to emails that appear to be from the company asking for personal or financial information. JPMorgan Chase customers also received an email about the incident from SVP Patricia Baker, advising them to monitor unwanted spam and refrain from using their email address as a login ID or password. Citi also warned customers with credit card accounts to beware of such “phishing” attacks.
Epsilon has more than 2,500 clients and distributes more than 40 billion emails annually.