M&S Customer Details Exposed In Epsilon Breach

The fallout from the data breach reported earlier this week by Epsilon, a large email marketing services company based in the United States, is now said to be reaching the UK.

On 30 March, Epsilon apparently detected “an unauthorised entry” into its email system and, days later, issued a public warning that data belonging to users had potentially been exposed to hackers, after millions of email addresses were stolen.

It said that around 50 of the 2,500 companies Epsilon works for were affected by the hack. This includes customers of well-known brands such as Hilton Hotels, Best Buy, and Barclaycard US.

Phishing Concerns

There is little doubt that the data breach is damaging, and it has been described as one of the largest internet security breaches in US history. This is because it could potentially impact anyone who has ever signed up to receive a retail offer or alert through their email account.

Epsilon has already warned that thieves may use the information to launch a phishing campaign to trick users into disclosing more critical data.

And now one of the UK’s leading retailers, Marks & Spencer, has become the first UK chain to warn that customer details may have been compromised in the Epsilon breach.

M&S customers were warned late on Tuesday that their details may have been compromised.

In an email to customers seen by the Guardian newspaper, M&S said that it does “take your privacy very seriously” and added it would “continue to work diligently to protect your personal information.”

However, it also warned customers to expect unsolicited spam emails.

M&S Statement

“Epsilon, our email marketing supplier, has informed us that a number of its clients’ customer files have been accessed without authorisation, including Marks & Spencer,” M&S told eWEEK Europe in an emailed statement.

“The compromised files were limited to names and email addresses – no other personal or financial information is at risk. We have contacted our customers to inform them on this incident,” it added.

“The information that was obtained was limited to email addresses and/or customer names only,” Epsilon said in a terse statement. “A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”

Spam Surge

“As we’ve noticed before, carelessness with email addresses isn’t a cardinal sin in the data leakage world – both TripAdvisor and Play.com have owned up recently to similar indiscretions, without any major loss of esteem,” wrote Paul Ducklin of Sophos.

“However, losing your email address to scammers and spammers is likely to mean a surge in spam to your account,” he warned. “Also, losing your email address via a service to which you already belong makes it much easier for scammers to hit you with emails which match your existing interests, at least loosely. That, in turn, can make their fraudulent correspondence seem more believable.”

It remains to be seen whether the data breach will trigger an investigation by the UK Information Commissioner’s Office.

While Epsilon is a US-based company, and the United States does not have the same data protection laws as the UK, when companies pass the details of UK citizens to foreign companies, they must ensure that the destination has a proper “safe harbour” arrangement to safeguard the data to European standards.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
