Dan Goodin reports:
FBI agents looking into the theft of customer data belonging to McDonald’s are investigating similar breaches that may have hit more than 100 other companies that used email marketing services from Atlanta-based Silverpop Systems .
“The breach is with Silverpop, an email service provider that has over 105 customers,” Stephen Emmett, a special agent in the FBI’s Atlanta field office, told The Register. “It appears to be emanating from an overseas location.”
He declined to provide further details.
Read more in The Register, where Dan reports that deviantART specifically names Silverpop in their notification, and that because Walgreens reported in 2009 that it was using Arc Worldwide as its marketing agency (the same agency McDonald’s said they use), the Walgreens breach may also be linked to Silverpop.
In a statement to Crain’s, Silverpop wrote:
Silverpop “was among several technology providers targeted as part of a broader cyber attack,” the company said in a statement. “When we recently detected suspicious activity in a small percentage of our customer accounts, we took aggressive measures to stop that activity and prevent future attempts. Among other things, we unilaterally changed all passwords to protect customer accounts and engaged the FBI’s cybercrime division.”
Stay tuned, I guess.
Update 1: Silverpop’s CEO issued a statement on their blog on Dec. 15, suggesting that the media has erroneously attributed some breach(es) to them, but he does not provide specifics.