Epsilon is one of the world’s largest providers of marketing services and many significant retailers and financial institutions make up their client list, such as Citibank, Capital One, U. S. Bank, Best Buy, Kroger, Visa, American Express, Home Shopping Network, Staples and many more. Epsilon is also now named by Reuters as the company that has sustained the largest breach of names and emails addresses in U. S. history.
This company handles about 40 billion emails annually and thus the hacker(s) have access to the names and emails of Epsilon’s clients customers. Why? The next phase of this hack job will come when the hacker uses that information to go phishing or smishing. What does this mean? Phishing is the use of email that appears to be from a legitimate company but is really a scam designed for the recipient to release private information that will be used for identity theft purposes. Smishing is the same approach but uses mobile phone text messaging to accomplish the same fraud. Who is at risk for being sued from persons that may become victims of this type of fraud?
Well, first up is Epsilon but right behind will come their client(s) whose customer was the victim. The claim will involve allegations of improper management of private information, breach of security due to improper monitoring and encryption technology resulting in financial harm to the customer.
This will not be covered under a General Liability or Umbrella policy. Coverage for this type of loss will be under a Cyber risk policy.
First reported 4/11