Marks and Spencer was hit by Epsilon breach

POSH MARKET CHAIN Marks and Spencer is the latest UK company to admit it was hit by a huge data theft of names and email addresses from the online marketing firm Epsilon.

In an email sent out to customers, the company said, "We have been informed by Epsilon, a company we use to send emails to our customers, that some M&S customer email addresses have been accessed without authorisation."

The US telco Verizon also joined the scores of companies, which include Capital One, Citigroup and JPMorgan Chase, in issuing a warning to people that their email address might have been taken.

For customers of the 50 or so companies affected, it raises the possibility that they will be hit with spear phishing attacks. This is where criminals, armed with peoples' names and email addresses and knowledge of where they shop, write targeted and sophisticated messages that people are more likely to fall for.

But some insecurity experts are dismissive about the seriousness of the phishing threat. Outspoken security guru Bruce Schneier said on his blog, "I have no idea why the Epsilon hack is getting so much press. Yes, millions of names and e-mail addresses might have been stolen. Yes, other customer information might have been stolen, too."

"Yes, this personal information could be used to create more personalized and better targeted phishing attacks. So what? These sorts of breaches happen all the time, and even more personal information is stolen." µ