Each day, a new company is added to the list of clients affected by the massive data breach at email marketing provider Epsilon. Now, several U.S. senators and House representatives are demanding more details about the magnitude of the breach and how the email thefts are impacting consumers.
U.S. Sen. Richard Blumenthal of Connecticut wrote an April 6 letter to United States Attorney General’s Office noting there may be some consumers still unaware their email addresses may have been stolen.
"While some of Epsilon’s client companies have notified their customers of the breach, other consumers may be unaware that their names, email addresses and other potentially identifying information may be at risk," wrote Blumenthal.
Epsilon Interactive, a large email marketing services company with approximately 2,500 clients, disclosed April 1 that attackers had stolen customer data belonging to several of its clients. While the extent of the breach is still under investigation, the initial list of affected companies included several financial organizations such as JPMorgan Chase, major hotel chains such as Marriott Rewards, and big retailers such as Best Buy.
Since the data stolen did not contain any personal-identifying information, such as Social Security numbers or credit card information, existing state laws requiring breach notifications may not apply in this case. Even so, attackers could use the email addresses to launch phishing attacks to steal more sensitive data such as financial information or login credentials to other sites, industry experts have warned.
"I believe that immediate notification to all customers is vital to protect them—and enable them to protect themselves—from identity theft," said Blumenthal. Bluementhal recommended Epsilon or its clients pay for financial data security services and credit reports for affected consumers for two years.
U.S. Reps. Mary Bono Mack of California and G.K. Butterfield of North Carolina, the leaders of the House Energy and Commerce panel, wrote their own letter to the CEO of Alliance Data, Epsilon’s parent company, asking for more details on how many customers were affected and how the breach occurred.
For more, read the eWEEK article: Congress Demanding Epsilon Release More Details About Data Breach.