Banks, retailers warn customers of data breach
Bob Moon: Do you do business with any of these companies: Capital One, Citibank, Marriott, the Home Shopping Network, Walgreens or TiVo? Check your inbox today, and there's likely to be an apology, along with a warning, that your email address may have been compromised.
A big marketing firm that works with those brands -- and many more -- has had its data breached. Cyber thieves stole possibly millions of email addresses. Now, we're not talking about bank account information or credit card numbers. But Marketplace's Stacey Vanek Smith explains why this is still such a big deal.
Stacey Vanek Smith: Usually, email addresses aren't worth the time it takes to steal them.
Brian Krebs: Email addresses are very cheap. Last time I checked, you can buy a million of them for about $20.
That's online security expert Brian Krebs. But he says these email addresses are special, because they're linked to companies, so cyber thieves know that a certain email address is a customer of Best Buy or JPMorgan Chase. That makes it possible to launch a more sophisticated type of scam, where cyber thieves imitate a trusted site, like your bank, and get you to give up information.
Krebs: The email comes in and it's not just 'Dear X bank user.' It's an email that addresses you by name; it includes in the body of the message, some particular detail about you or about your relationship with the company that the fraudsters are impersonating.
Ted Julian is an analyst at the Yankee Group. He found out about the data breach when he got an email from TiVo. I asked him, who would want his email address?
Ted Julian: People whose business it is to send you all the spam that clogs up your inbox. Organized crime is always looking for this kind of information so they can run various scams.
Julian says cyber theft is now a multi-billion dollar business. It's also very bad for business, says Georgia Tech's Nick Feamster. The breach could raise doubts about any online marketing campaign.
Nick Feamster: Companies spend tens of billions of dollars trying to protect against this type of incident.
This is one of the biggest data breaches on record. Epsilon released a statement saying that just 2 percent of its clients have been affected and that it's fully investigating what happened.
I'm Stacey Vanek Smith for Marketplace.