As I have been reporting since last week,  Epsilon Marketing , a major email marketing firm that sends 40 billion messages every yea to end users on behalf of its roster of corporate clients, reported in a quick note to their clients

“On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway,”

At this time it appears only names and email addresses were taken by the yet to be identified outside entity, but the fallout will be substantial in the industry, and for Epsilon.

Those Clients reported so far in the press.

JPMorgan Chase
Capital One
Citi
New York & Company
US Bank
Barclays Bank of Delaware (and Barclay’s L.L. Bean Visa card)
Brookstone
McKinsey Quarterly
TiVo
College Board
Walgreens
Ameriprise
Marriott Rewards
Ritz-Carlton Rewards
Disney Destinations (The Walt Disney Travel Company)
Benefit Cosmetics (see below)
Home Shoppers Network (HSN)
AbeBook
Best Buy
Best Buy Canada Reward Zone

and now

Hilton Rewards (I just got an email)  ;-(   The list will most likely continue to grow.

Each company involved has a responsibility to their customers to make sure that any 3rd party vendors they share data certify they maintain appropriate IT Controls and Security enabled.

Appears there is a lot of work to be done.