Citadel Information Group

  • Home
  • About Us
    • About Citadel
    • Who We Are
    • When To Call Citadel
  • Services
    • Overview: Delivering Information Peace of Mind ® to Business and the Nonprofit Community
    • Citadel’s Information Peace of Mind ® Program
    • Assessments and Reviews
    • Information Security Policies and Standards
    • Secure The Human
    • Phishing Defense Training
    • CCPA and Defendable Security Procedures and Practices
    • Privacy: Information Inventory / Data Mapping
    • Security Management of the IT Network / Infrastructure
    • Incident Response / Business Continuity
    • Secure Application Development — Learn By Doing
    • Litigation Support
    • Keynotes
    • Client Success Stories
  • Blog
  • Resources
    • Information Security Library
      • Citadel Guides
      • Awareness Posters
      • For Boards and the C Suite
      • Cybersecurity Law
      • Cybersecurity Surveys
      • HIPAA HITECH
      • Insurance and Risk Management
      • National Cybersecurity
      • Online Bank Security
      • Payment Card Industry Data Security Standard
      • Personal Cybersecurity
      • Securing the IT Network
      • Helpful Links
    • Blogs
      • Cybersecurity Blogs
      • Leadership and Culture Change Blogs
  • Contact
You are here: Home / Weekend Patch Report / Epsilon’s Email Mess: Warnings for Consumers and Lessons for All

April 5, 2011 by Stan Stahl Ph.D.

Epsilon’s Email Mess: Warnings for Consumers and Lessons for All

A cyber security breach at marketing firm, Epsilon, has exposed the names and email addresses of millions of customers of some of America’s largest companies, including JP Morgan Chase, Citibank, Barclays Bank, U.S. Bancorp, Walt Disney, Marriott, Best Buy, Target, Kroger and Walgreen’s.

As a result of this breach, customers of these companies are at increased risk of several kinds of cyber crime. This includes bank fraud, identity theft, and credit card theft. More subtly, victimized customers may find that cyber criminals have taken control of their computer, covertly using it to send spam or participate in other illegal activities such as distributed denial of service attacks.

A Warning for Consumers: Consumers need to be very suspicious of emails appearing to come from financial institutions or companies with whom they do business. Cyber criminals are expected to use these stolen email addresses to spear-phish customers. Customers will receive a phony email designed to look like it came from a legitimate company. The email may have a link in it. It may have an attachment. Or it may ask for sensitive information. Consumers need to delete these emails since following a link or opening an attachment can expose their computer to attack. And they should never put sensitive information in an email.

Consumers also need to keep their workstation upgraded with the latest security patches in case a spear-phishing attack gets through. Our Weekend Patch and Vulnerability Report can be used to help keep computer programs up-to-date. Consumers also want to make sure to use an antivirus program or, even better, a host-based intrusion prevention solution.

A Lesson for Organizations Sharing Information with 3rd Parties: Organizations that share information with 3rd-parties can learn an important lesson from the embarrassment suffered by Epsilon’s customers. Cyber security management is a challenge that is not to be taken for granted. Organizations who provide 3rd-parties with access to consumer or other sensitive information have a responsibility to be diligent in assuring these 3rd-parties are properly protecting it. (See the papers in our CEO-Library for examples of what to expect of a 3rd party before sharing sensitive information.) This includes not only 3rd-party marketing companies like Epsilon but also 3rd-parties having access to sensitive information or who write the programs which manage access to sensitive information:

  • Datacenters
  • Cloud providers
  • Web site developers
  • 3rd-parties who develop custom applications
  • Outsourced IT staff who maintain and manage the network

A Lesson for All: All organizations with consumer or other sensitive information can draw a lesson from Epsilon’s travails:  You never get a second chance to make a good first impression. Epsilon’s brand will forever be tainted by this exposure. Solid cyber security management is a lot less costly.

 

Filed Under: Weekend Patch Report

Call us for a free confidential consultation:
323-428-0441

Get our newsletter

A weekly report of critical security updates and the latest cybersecurity news delivered to your inbox from Secure The Village.

Sign Up

Categories

Get in touch

323 428 0441
info@citadel-information.com

Citadel Information Group
Citadel on Linkedin
SecureTheVillage on Linkedin

About Us

Citadel Information Group is a full service integrated information security management / governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.

Key Resources

  • The Citadel Way to Information Security Management
  • Creating a Cybersecurity Aware Culture
  • Secure Application Development: The CISO’s Role – a webinar with WhiteHat Security
  • Information Security Library

Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy