Epsilon Security Breach and New Spam

On March 30, 2011, one of the largest clearinghouses for email, Epsilon, was breached. This company services customer mailings for companies ranging from Target and L.L. Bean to CITI and Capitol One. There were a total of 36 or more large customers of Epsilon that had their records compromised.

You may ask what the impact of this is on you. No credit cards or Social Security numbers were lost in this breach. But with the huge numbers of email addresses that were lost we can expect a large increase in spam and phishing attacks. To be clear, spam is junk mail sent through email. A phishing attack is spam that is trying to gather information about you. Phishing attacks can look very real. It may look like an email from your bank with a link to customer service or an advertisement from your favorite store with a link for a coupon deal. We have already seen some from this breach. There are reports of emails claiming to be from some of these vendors with links in the emails that are supposed to direct you to a website that will offer more information on the breach. The links actually download malware to your system. The information security community expects to see a lot more of this type of activity.

How can you protect yourself? If you get an email that has an attachment in it that you were not expecting, delete it. If you get an email in it with a link to a web site or another reference from which you do not know the source, delete it. Do not forward emails with attachments or links; these should be in an original email. Do not forward jokes or other types of email that might be caught in a spam filter. Limit to whom you provide your email address.

Remember that Middlebury and your own personal spam filters and junk mail folders may start to see an increase in spam and junk mail in the coming days due to this breach. Please be patient with us as we navigate through this time, and help us by watching for these suspicious emails and using appropriate precautions.