skip to main |
skip to sidebar
Should E-Mail Addresses Be Considered Private Data? A database of e-mail addresses and other contact information stolen from business software provider Salesforce.com is being used in an ongoing series of targeted e-mail attacks against customers of several Salesforce.com business clients, including SunTrust and Automatic Data Processing Inc. (ADP), one of the nation's largest payroll and tax services providers.
SunTrust spokesperson Hugh Suhr said the purloined data included the names, e-mail addresses and physical addresses for about 40,000 SunTrust customers. He said the customer list was stolen from a database held by Salesforce.com, and that contact information for ADP customers also was lifted from Salesforce.
In August, job search giant Monster.com's resume database was breached by hackers, exposing confidential data on 1.3 million job seekers. The attackers then used the contact information from that database to send users targeted e-mails that appeared to come from Monster.com. Recipients were directed to click on a link in the message, which tried to install malicious software through Web browser security vulnerabilities.
Last year, phishers used a stolen database of Indiana University student and faculty e-mail addresses to conduct a targeted attack against roughly 24,000 students. That attack netted close to 80 victims, a relatively high success rate for a phishing scam with such a limited base of recipients.
