Trailrunner7 writes "What might the criminals who broke into Epsilon do with the email lists they have? The easiest thing to do is to sell these data sets on the black market or, potentially, to competitors of victim firms. According to the latest data from data-breaches.net, totals are up to 57 customers including credit card providers with branded cards — Visa (notices sent for at least 3 cards), the World Financial Network National Bank (12 cards) and Citi (3 cards). The criminals may make some money there and re-invest it into technology or services for other efforts. Once an attacker has gained a foothold on one or more systems used by their mark, they can begin harvesting credentials. The frequency with which average consumers use the same username/password combination across multiple sites is such that such information could lead to accessing other potentially-existing accounts on high-profile social networks."