Banks, Retailers Warn Customers After Email Database Hacked

LOS ANGELES (CBS/AP) — Some of the largest companies in the U.S. are warning customers about a potential wave of fraudulent emails headed for their inbox after a security breach at a national online marketing firm.

A dozen companies — including Chase, Citigroup, Walgreens, and Kroeger — said over the weekend that hackers may have learned their email addresses because of a security breach at a Dallas-based company called Epsilon that manages email communications.

An alert is going out about a massive data breach involving e-mails and addresses of customers of and other big companies after the system run by online marketing firm Epsilon was compromised over the weekend.

Customers of the affected firms may see their inbox flooded with fraudulent emails that try to coax account login information from them.

Hacker-turned-cyber-security consultant Greg Evans tells KNX 1070's Dick Helton customers should be "very concerned" about any incoming emails from your bank or other firms with your email address.

Among the affected companies are banks like Capital One Financial Corp., Barclays Bank, U.S. Bancorp and Citigroup Inc., JPMorgan Chase & Co., and retailers like Best Buy Co., TiVo Inc., Walgreen Co. and Kroger Co.

The College Board, the not-for-profit organization that runs the SATs, also warned that a hacker may have obtained student email addresses.

Walt Disney Co.'s travel subsidiary, Disney Destinations, sent emails warning customers on Sunday.

Epsilon said Friday that its system had been breached, exposing email addresses and customer names but no other personal information.

The email addresses could be used to target spam. It's also a standard tactic among online fraudsters to send emails to random people, purporting to be from a large bank and asking them to login in at a site that looks like the bank's site. Instead, the fraudulent site captures their login information and uses it to access the real account.

The data breach could make these so-called "phishing" attacks more efficient, by allowing the fraudsters to target people who actually have an account with the bank.

Epsilon sends more than 40 billion emails annually and has more than 2,500 clients.

(TM and © Copyright 2010 CBS Local Media, a division of CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2010 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)