The big breach at Epsilon, the Dallas-based online marketing vendor to more than 2,000 businesses, has stoked a lot of worry about the fallout for banks and other financial institutions. The fear is that whoever hit the company may eventually sell the data--customer names and associated emails but no social security numbers or personal information--to bad actors, or they may start targeting individual names themselves.

In any case, we're seeing more companies come forward with warnings to their customers. Citigroup said recently that customer names and some credit card customers' email addresses were part of the data breach. That follows similar announcements from Capital One and JPMorgan Chase. More banks may have been affected.

As of now, Epsilon has yet to release a list of affected companies. However, others have come forward. The College Board, for example, has warned customers and asked them to be cautious about receiving "links or attachments from unknown third parties."  

The apprehensionis that bad actors will be able to use the information to craft ingenious phishing scams, increasing their chances of getting customers to provide access to their accounts.

Luckily no PII was stolen, unlike the fraud at Heartland Payments Systems several years ago. Recall that the notorious hacker Albert Gonzalez was eventually caught, after he stole 40 million payment card numbers, and sentenced to 20 years in jail.

For more:
- here's a Reuters article

Related Articles:
Epsilon breach should strike fear in hearts of companies
Biggest ever data breach?