Major security breach exposes customer info (video)

CNET's Kara Tsuboi reports on the database hack at Epsilon, which handles e-mail marketing for thousands of companies, and what customers can do to protect themselves.

Kara Tsuboi Reporter
Kara Tsuboi has covered technology news for CNET and CBS Interactive for nearly seven years. From cutting edge robotics at NASA to the hottest TVs at CES to Apple events in San Francisco, Kara has reported on it all. In addition to daily news, twice every week her "Tech Minutes" are broadcast to CBS TV stations across the country.
Kara Tsuboi
2 min read
Watch this: Breach exposes clients' customer names, e-mail

More and more customers are receiving e-mails warning them of Friday's database hack at Epsilon, which handles e-mail marketing for thousands of companies. The breach exposed personal information like names and e-mail addresses.

Dallas-based Epsilon works with more than 2,500 clients and sends more than 40 billion e-mails annually, so the magnitude of the breach may not be seen until the investigation is complete. So far, the following companies have confirmed a security breach: Kroger,TiVo, US Bank, JPMorgan Chase, Capital One, Citi, Home Shopping Network, Ameriprise Financial, LL Bean Visa Card, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens. The College Board, Disney Destinations, and Best Buy.

In a statement on its Web site, Epsilon says, "The information that was obtained was limited to e-mail addresses and/or customer names only...A full investigation is currently underway."

Epsilon says the hackers did not get their hands on financial information, but CNET reporter Declan McCullagh warns that names and e-mail addresses combined together can be used for potent phishing schemes. For example, a hacker can custom-tailor an e-mail that asks people to log in to a financial Web site. If users see their name and e-mail displayed in one place, they're more likely to follow instructions and reveal that personal information. McCullagh cautions not to open e-mail from unknown senders, and certainly not to click on suspicious links. If you need to log in to a company's Web site, it's safest to type in their address into your browser window.