Epsilon e-mail Marketing Breach

By now, you may have heard of the security breach at mass email marketing company Epsilon, where the names and email addresses of thousands, if not millions, of people have been stolen. The current list of companies includes:

  • 1-800-Flowers
  • AbeBooks
  • Ameriprise Financial
  • Barclays Bank
  • Best Buy
  • Brookstone
  • Citibank
  • Disney Destinations
  • Hilton Worldwide
  • JP Morgan Chase
  • Kroger
  • Lacoste
  • Marriott International
  • McKinsey Quarterly
  • New York & Company
  • Robert Half
  • Target
  • Tivo
  • US Bank
  • Verizon
  • Walgreens

The warning emails are starting to roll in. This one from Target:

When will it become Standard Operating Procedure, and an industry standard, if you are storing customer info, to store it in an encrypted database? It can’t be that difficult!! The money you are spending on the resulting PR could probably have been used to secure the database.

I blame not only Epsilon, but also the companies that dealt with Epsilon for not making it a requirement that the customer info be encrypted.

SecurID firm RSA has its servers hacked

Man, security is getting tougher. When the servers at a well-known security firm get hacked, we need to rethink our security protocols and business practices. From Sophos/Naked Security:

Hackers have broken into the servers of RSA, the security division of EMC, and stolen information related to the company’s SecurID two-factor authentication products.

Read the full story at Sophos.com: Security firm RSA warns that its servers have been hacked | Naked Security.

Spam Taking Advantage of Gawker Hack

We know that Gawker Media had its databases hacked, releasing millions of usernames and passwords.

Now spammers/hackers are taking advantage of that story to send out spam emails like this:

Beware…