Privacy & Information Security Law Blog

On April 1, 2011, Epsilon Data Management, LLC (“Epsilon”), a leading marketing services provider based in Irving, Texas, issued a press release announcing that its clients’ customer data had been “exposed by an unauthorized entry into Epsilon’s email system” that took place on March 30, 2011.  In the press release, Epsilon indicated that the information acquired as a result of the incident was limited to email addresses and customer names.  Several major retailers, credit card issuers, financial institutions and other companies that use Epsilon as a service provider have since notified their customers of the incident.  According to the various company statements and emails to customers distributed as a result of this incident, no other personal information (such as bank account information, credit card numbers or Social Security numbers) was compromised.  Potentially affected customers are being warned of possible “phishing” attacks that could be linked to the information acquired as a result of this incident.  Epsilon’s breach has the potential to be one of the largest in U.S. history.