By now you’ve probably heard that a company called Epsilon got hacked last week, and you’ve likely been told by roughly 10,236 organizations that you deal with regularly, so what does it really mean for you?
Epsilon is a company that handles the e-mail that large companies like Chase or Disney regularly send to their customers. They are not a spammer in that these are legitimate communications from legitimate companies, things like notices of change of policy or a new bargain. Apparently they are (or were) very successful at this as their client list seems long and impressive.
Unfortunately, their systems were hacked and the thieves got away with the names and e-mail addresses stored on their computers. It’s unclear how many names were obtained or what else might have been taken.
The hackers’ motives are unknown, of course, but the speculation is that they intend to use this information to trick you. How? Well, if they have your name and e-mail address and know that you are, say, a customer of Chase, they could send you a carefully crafted, forged e-mail, ostensibly from Chase, asking you to follow a link that will eventually ask you for your account and other sensitive information. (This is commonly referred to as “phishing”.) Or they could sell the information to others who will do that. Or they might be a bunch of kids just looking for bragging rights.
In any case, you can protect yourself very simply: If you get an e-mail from a company that you usually get e-mail from, and it asks you to do something important or even routine, don’t click the link in the e-mail. Rather, navigate to the web site yourself, log in as always, and try to find out if the company really wants something from you.
Yes, I know that’s a pain, but nothing compared to inadvertently giving a thief your username, password, or other private information.
For a list of companies affected by this breach, see this article.