14 DAY TRIAL // The security breach at email marketing provider Epsilon Data Management has affected millions of consumers including those that unsubscribed from the stolen mailing lists.
Late last month Epsilon discovered an intrusion into its email systems and determined that attackers walked away with the costumer email lists of many of its clients.
The company stressed that only 2 percent of its client base was affected and that the lists did not contain any personal information except for names and email addresses.
Nevertheless, those 2% account for around 50 companies, many of which are major retail chains, banks and other services providers.
They include.S. Bank, JP Morgan Chase, Capital One, Brookstone, McKinsey Quarterly, New York & Co, the Home Shopping Network, TiVo, City Market, Dillons, Jay C, Food 4 Less, Fred Meyer, Fry’s, King Soopers, Marriott Rewards, QFC, Ralphs, Ritz Carlton, Smith Brands, Walgreens, Kroger and many others.
This means that tens of millions of email addresses were exposed and since they are coupled with real names, security experts expect targeted attacks such as phishing or malware distribution.
According to Databreaches.net, the notification email sent by Walgreens to its customers following the incident reveals that even people who unsubscribed from its newsletter were affected.
"We realize you previously unsubscribed from promotional emails from Walgreens, and that will continue, but we feel an obligation to make you aware of this incident. We regret this has taken place and any inconvenience this may have caused you," the email reads.
This suggests that people's email addresses and names were kept on record after unsubscribing and this practice is probably not specific to Walgreens, since everyone used the same system.
This prompts questions about how sincere companies are with their customers when collecting data. People are criticizing the fact that despite outsourcing email marketing operations to third parties is an industry-wide practice, companies fail to reveal this when email addresses are gathered.