14 DAY TRIAL // Members of the House Subcommittee on Commerce, Manufacturing and Trade have sent a letter to Dallas-based Alliance Data Systems, questioning the company about the recent data breach at its subsidiary, Epsilon Data Management.
At the beginning of the month Epsilon announced that hackers broke into its email server and stole customer email lists containing the email addresses and names.
The customers of around 50 large companies activating in various fields including financial services, retail, computer manufacturing and others, were affected.
Firms like U.S. Bank, JP Morgan Chase, Capital One, Brookstone, McKinsey Quarterly, New York & Co, the Home Shopping Network, TiVo, City Market, Dillons, Jay C, Food 4 Less, Fred Meyer, Fry’s, King Soopers, Marriott Rewards, QFC, Ralphs, Ritz Carlton, Smith Brands, Walgreens, and Dell are amongst the victims.
The breach has generated fears of targeted phishing and malware attacks against affected users and according to some reports, some malicious campaigns have been spotted already.
"In the simplest fashion, a criminal can easily create a phishing e-mail that could lead an unwitting consumer into financial disaster," subcommittee chairwoman Mary Bono Mack, R-Calif., and ranking member G.K. Butterfield, D-N.C., wrote in the letter to Alliance Data Systems.
"With a reported 40 billion marketing e-mails sent a year, the Epsilon breach could potentially impact a historic number of consumers," they added.
The subcommittee asks the company to provide more information about the incident, such as the time of occurrence, the time when authorities and its clients were notified, the number of companies and consumers affected, the names of the affected companies, and the contents of the exposed data.
Details about the circumstances that led to the compromise and what steps were taken to prevent similar security breaches in the future have also been requested.
According to the National Journal, Bono Mack is planning to introduce the Data Accountability and Trust Act, which aims to further safeguard consumers from data breaches.