Fraudsters now have access to names and active email accounts, coupled with information about which particular brands individuals have relationships with. Having access to this kind of data is like a gold mine for these scammers, not only opening the door to an increase in spam and phishing attacks, but also to spear phishing and other targeted attacks on customers who expect communications from these brands.
The complete impact of the Epsilon breach remains to be seen, but brands, especially those impacted by the attack, ought to proactively monitor for additional scams targeting their customers. A response and communications plan (e.g. the Online Trust Alliance’s 2011 Data Breach & Loss Incident Readiness Guide provides best practices and sample notification letters) should be ready for promptly shutting down such scams and notifying customers, in case an Epsilon domino effect becomes reality.