NEW YORK -- With the possible theft of millions of consumer e-mail addresses from an advertising company, several large companies have started warning customers to expect fraudulent e-mails that try to coax account login information from them.
A dozen companies said over the weekend that hackers may have learned their e-mail addresses because of a security breach at a Dallas-based company called Epsilon that manages e-mail communications. Among the affected companies are banks such as Capital One Financial, Barclays Bank, U.S. Bancorp, Citigroup and JPMorgan Chase & Co., and retailers including Best Buy, TiVo, Walgreens and Kroger.
The College Board, the not-for-profit organization that runs the SATs, also warned that a hacker may have obtained student e-mail addresses.
Epsilon said Friday that its system had been breached, exposing e-mail addresses and customer names but no other personal information.
The e-mail addresses could be used to target spam. It's also a standard tactic among online fraudsters to send e-mails to random people, purporting to be from a large bank and asking them to log in at a site that looks like the bank's site. Instead, the fraudulent site captures their login information and uses it to access the real account.
The data breach could make these so-called "phishing" attacks more efficient by allowing the fraudsters to target people who actually have an account with the bank.