Massive Email Leak Part of Growing Trend


NEW YORK (MainStreet) – The latest Internet Security Threat Report from computer security firm Symantec suggests that targeted attacks on companies, like this week’s massive leak of consumer email addresses by email management firm Epsilon, are on the rise.

The Symantec report was released almost concurrently with the Epsilon leak, which means the incident was not included in the look back at the state of computer security in 2010. But it comes as a high-profile culmination of a year full of targeted attacks that compromised the security and privacy of large organizations and consumers alike.

“It would be pretty easy to label 2010 as the year of the targeted attack,” says Kevin Haley, a director at Symantec Security Response. “There were two high-profile ones – Stuxnet and Hydraq – and both of them should serve as a wake-up call that there are people out there that are targeting companies for financial gain.”

That financial gain comes in various forms, says Haley. Most innocuous are attacks in which emails are stolen and then sold to spammers by the megabyte, typically causing little more than an annoyance for consumers who suddenly find themselves dealing with more spam than usual. At the other end of the spectrum are attacks in which credit card numbers are stolen, which is not the case in the Epsilon attack.

Haley and other experts have suggested that consequences for consumers could fall somewhere in between the two poles. If the email addresses are associated with specific retailers or financial institutions, they could be used in so-called phishing attacks, with an attacker posing as the organization in question and asking the customer to change his password or reveal other identifying information. As such, several retailers who do business with Epsilon sent out emails informing consumers of the breach and warning them to be wary of any emails seeking such information.

“Legitimate companies are not going to send an email requesting you to click a link and give them personal info,” confirms Haley.

For now, all consumers can do is to practice common sense and treat any emails purporting to be from retailers or financial institutions with suspicion. Meanwhile, companies big and small should take the opportunity to make sure they have security software in place, and be sure that they encrypt all data that could be of value, including that which is transmitted by or stored on mobile devices and laptops.

The good news is that the sheer scale of the leak is likely to serve as a wake-up call for the general public about the growing trend of targeted attacks. In that sense, at least, the cloud has a silver lining for the future of computer security.

“There’s been such visibility on this that everybody’s suspicion will be a lot higher,” says Haley. “Most people I talk to are having a lot of conversations about this, because everything’s been affected.”

—For the best rates on loans, bank accounts and credit cards, enter your ZIP code at

Show Comments

Back to Top