Mass e-mail breach: Just how bad is it?

By David Goldman, staff writer


NEW YORK (CNNMoney) -- It seems like every day for the past week, another dozen major companies have come out and said that they too have been affected by the massive data breach at e-mail marketing firm Epsilon.

Verizon (VZ, Fortune 500), Ritz Carlton, JCrew, Ann Taylor (ANN) and Victoria's Secret were among the most recent companies to tell customers that their e-mail addresses had ended up in the wrong hands.

The strange thing is that Epsilon, which manages customer databases and e-mail marketing for about 2,500 companies, announced the breach on March 31 -- a week ago. So why are companies still coming out of the woodwork a week later?

"We wanted to make sure we had the most detailed information possible from Epsilon," a Verizon spokesman said of his company's decision to wait until late Tuesday to send a message to its customers about the data theft. "With such a sensitive topic as personal information security, we wanted to get the information exactly right."

"It was necessary to take some time to fully understand the extent of the issue," said a Ritz Carleton spokeswoman. "Once we knew how this impacted our customers, we carefully crafted the appropriate communication."

Several other companies that notified their customers in the past day or two declined to comment. Epsilon also declined to discuss the incident.

It's understandable that companies would want to be very clear about what exactly is at stake for their customers: "Massive data breach" sounds scary.

But this one is pretty limited in scope. Epsilon said last week that an "unauthorized entry into Epsilon's e-mail system" exposed e-mail addresses and some customer names from around 2% of its clients.

The main danger that poses is the potential of increased spam and phishing attacks.

Spam sucks, but it's the modern equivalent of junk mail -- an annoying, but mostly benign fact of life.

The more hazardous threat is an increase in phishing attacks. Those fraudulent e-mails try to draw in in unsuspecting consumers by posing as messages from their bank, credit card company or telecom provider.

Phishing e-mails tend to tell recipients that their accounts have been blocked, and that they need to enter their account information to unblock them. But it's not Citibank or Macy's collecting that account information -- it's cyber criminals.

To avoid phishing attacks, customers should know that companies almost never request personal information in e-mail form. Suspicious e-mails should simply be deleted.

Meanwhile, expect those "your e-mail address has been compromised" messages to keep coming.

The laundry list of companies whose customer lists have been attacked is still growing. Ameriprise Financial, Hilton, Marriott, Chase, Target, Bebe, Eddie Bauer, TiVo, New York & Co., The McKinsey Quarterly, Lacoste, 1800-Flowers, Barclay's Financial, Best Buy, Walgreens, TD Waterhouse, Soccer.com, Beachbody, College Board, Citi, Brookstone, and AT&T Universal Citi Card have all reported that they were affected. To top of page

Frontline troops push for solar energy
The U.S. Marines are testing renewable energy technologies like solar to reduce costs and casualties associated with fossil fuels. Play
25 Best Places to find rich singles
Looking for Mr. or Ms. Moneybags? Hunt down the perfect mate in these wealthy cities, which are brimming with unattached professionals. More
Fun festivals: Twins to mustard to pirates!
You'll see double in Twinsburg, Ohio, and Ketchup lovers should beware in Middleton, WI. Here's some of the best and strangest town festivals. Play
Index Last Change % Change
Dow 17,804.80 26.65 0.15%
Nasdaq 4,765.38 16.98 0.36%
S&P 500 2,070.65 9.42 0.46%
Treasuries 2.18 -0.03 -1.27%
Data as of 4:19pm ET
Company Price Change % Change
Bank of America Corp... 17.62 0.09 0.51%
Apple Inc 111.78 -0.87 -0.77%
General Electric Co 25.62 0.48 1.91%
Intel Corp 36.37 -0.65 -1.76%
Microsoft Corp 47.66 0.14 0.29%
Data as of Dec 19

Sections

New York Magazine reporter Jessica Pressler, who has been caught up in controversy this past week, will not be moving on to a new job at Bloomberg News. More

Investors beware: These 5 global crises are likely to rattle the stock market and world economy. More

Forums in dark corners of the web sell the kinds of hacks that befell Sony. More

Unilever sued Hampton Creek over its egg-free mayonnaise spread Just Mayo. But the company behind Best Foods and Hellman's mayonnaise has now dropped the lawsuit. More

The income of the top 1% jumped significantly in 2012, far outpacing inflation. Not only did this group make a larger share of the country's income, their share of total taxes also jumped from 35% to 38%. More

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.