Inside TDV - The Data Vault Blog
Dealing with a Data Breach
RSA, a branch of EMC Worldwide, uncovered a major cyber attack in progress in March. PCWorld reports that the network storage and data recovery giant advised customers of its SecureID authentication product to “re-educate” employees on email and password security.
Additional news of a data breach hit close to home with worldwide reverberations. According to an April 4 report by Business First, Kroger and JPMorgan Chase – familiar names in Louisville and surrounding areas – are contacting customers whose personal information may have been stolen from computer systems managed by Epsilon, a national third-party email marketing firm based in Dallas, TX.
The Privacy Rights Clearinghouse is calling Epsilon’s March 31 computer systems breach the largest security breach ever. In addition to Kroger and JPMorgan Chase, hackers stole customer names and email addresses from Target, Best Buy, Walgreens and other major banks and retailers that stored customer data with the Texas-based firm. Victims of the breach may be subject to a flood of email spam and phishing scams.
Beth Givens, director of the Privacy Rights Clearinghouse, responds in a podcast interview to the Epsilon breach. Givens explains third-party email marketing services and potential fallout from the breach. She reveals that the Privacy Rights Clearinghouse had personal information of employees stored at Epsilon and advises listeners on email and Internet security measures.
The Secret Service is investigating the Epsilon breach. If you receive spam, report it to firstname.lastname@example.org.
As always, be vigilant about your personal and business email use. Delete suspicious messages immediately. Open attachments only from trusted sources. Do not respond to email requests for sensitive information.
In particular, remain wary of email links to online forms. Instead, direct your browser to login pages by typing the Web address or setting a browser bookmark or favorite. Remember that retailers, banks and other businesses should not email requests for your account number, password and sensitive information.
Written by: AGriffin