Breach at Epsilon Exposes Emails

A data breach at one of the world's largest providers of marketing-email services may have enabled unauthorized people to access the names and email addresses for customers of major financial-services, retailing and other companies.

While no financial information was compromised, the major concern is that the emails and names could be used for "phishing," that is, phony emails asking unsuspecting consumers to divulge information such as account numbers, log-ins or Social Security numbers. As a result, companies were warning customers that they don't ask for personal information, like credit-card and Social Security numbers, via email. On April 1, Dallas-based Epsilon, a subsidiary of Alliance Data Systems Corp., said that on March 30, "A subset of Epsilon clients' customer data [was] exposed by an unauthorized entry into Epsilon's email system. "The information that was obtained was limited to email addresses and/or customer names only," the company said, adding that no other information associated with those names was at risk." The company said an investigation is under way.