Epsilon, the largest email marketing company, is reeling from a huge breach of its clients’ personal email data. At least 19 major brands (and as many as 50) have been affected by the cyber attack, where hackers broke into the company’s systems and stole names and email addresses of lots of people.

Epsilon said that only 2 percent of its users had their name and email stolen. But that could add up to a very large number of users — surely in the millions — as Epsilon handles email marketing services for more than 2,500 companies. The problem is that cyber criminals can now use those email lists to send phishing attacks — with personalized messages from brands that consumers do business with — that could be much more effective than random email spam. The company says a full investigation is underway.

I received two emails — yeah, can you beat that number? — from some of those brands saying that my data had been leaked and that I should beware of suspicious emails. If you have signed up for or opted into email or other digital marketing campaigns from the affected brands, there’s a chance the thieves have your name and email. Epsilon sends billions of emails a year on behalf of its clients. That is jarring for consumers, since they’re getting emails today from brands who say they turned over their email address and the name that goes with it to an outsourcing company, Epsilon, that nobody ever heard about. The advice for now is, don’t respond to any new messages coming from these brands, and certainly don’t click on anything in your warning email.

Best Buy, one of the chains that was hit, told customers that it will never ask anyone to provide information such as credit card numbers unless they are on its secure e-commerce site www.bestbuy.com. If you receive an email asking for the personal information, you should delete it because “it did not come from Best Buy.” Citibank told customers it would send emails using your first and last name, the last four digits of a Citi credit account number, and the “member since” date to show that it’s a legitimate email.

The list includes the following companies. Please leave comments below about how many times your email was stolen and whether there are more companies than the ones below that are affected:

Best Buy
Capital One
JP Morgan Chase & Co.
US Bank
McKinsey & Company
Ritz-Carlton Rewards
Marriott Rewards
New York & Company
The College Board
Home Shopping Network (HSN)
LL Bean
Disney Destinations
Barclays Bank of Delaware

[image credit: malwareresearchgroup]