Americans are right to be concerned about a huge data breach at an online marketing company, Epsilon, which resulted in the theft of names and e-mail addresses for customers and employees of some of the nation’s largest businesses, including Citibank, Disney andVerizon.
Epsilon issued a statement assuring that no other information was compromised. But millions of consumers could still be vulnerable to sophisticated identity-theft ploys — “spear phishing” — in which scammers target e-mails to specific people and make it appear as if they came from a company they trust. Familiarity can lure victims into clicking on links, downloading malware, or responding to requests for account numbers or passwords.
This is not an isolated case. Last month, at RSA, which produces SecurID tokens, an employee received an e-mail entitled “2011 Recruitment Plan” and clicked on its Excel attachment. This released a program that gave hackers access to the company’s network and allowed them to lift information about the tokens.
Two years ago, the Justice Department charged a 28-year-old from Miami and two Russians with stealing 130 million credit card numbers from one of the world’s largest payment processing companies. Last year there were large-scale data breaches at Affinity Health Plan, Lincoln Financial Securities and Ohio State University.