Epsilon Epidemic

Assuming that the Epsilon fiasco will lead to some sort of phishing epidemic, I’ve already posted an Epsilon resources blog at AVIEN, but as phishing is well within the current remit of this blog, I’ve also included a quick summary below. The links include articles offering advice, listing companies affected and so forth. If you’re only interested in a specific type of article, the AVIEN blog has more detail on some of the articles: the list here is in no particular order.

Perhaps the most ironic aspect of the incident is that while the media is waiting for a dramatic spear-phishing incident, the most notable symptom right now is the sheer volume of emails from customers of Epsilon warning their own customers about the compromising of their email addresses.

• http://blog.eset.com/2011/04/07/phishphloods-not-all-phishing-is-spear-phishing
• http://www.smh.com.au/technology/security/dell-australia-customer-details-stolen-in-major-global-data-breach-20110407-1d4yd.html
• http://www.databreaches.net/?p=17374
• http://nakedsecurity.sophos.com/2011/04/04/epsilon-email-address-megaleak-hands-customers-customers-to-spammers/
• http://www.scmagazineuk.com/epsilon-confirms-that-no-financial-data-was-breached-as-it-admits-that-the-potential-loss-of-clients-is-its-greatest-risk/article/200122/
• http://www.scmagazineuk.com/if-your-outsourced-data-is-breached-where-does-the-responsibility-lie/article/200123/
• http://krebsonsecurity.com/2011/04/epsilon-breach-raises-specter-of-spear-phishing/
• http://krebsonsecurity.com/2011/04/after-epsilon-avoiding-phishing-scams-malware/
• http://blog.eset.com/2011/04/04/how-to-avoid-a-phishing-attack
• http://blog.eset.com/2011/04/04/information-wants-to-be-free-so-epsilon-thinks
• http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511
• http://anti-virus-rants.blogspot.com/2011/04/why-epsilon-breach-shouldnt-be-issue.html

David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow