Skip to main content

Massive Database Hacked; Emails Stolen

There's a chance that at least one of your email addresses could be in unknown hands, following a hacking incident last week.

Epsilon, the world's largest permission-based email marketing company, issued a statement last Friday. It was not an April Fool's Day gag.

On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.

Epsilon getting hacked meant that many of the company's client lists are potentially compromised. TiVo was one of the companies that independently notified its customers. Best Buy today sent out the following email, which just showed up in my own inbox:

Dear Valued Best Buy Customer, On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization. We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk. We are actively investigating to confirm this. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails. As our experts at Geek Squad would tell you, be very cautious when opening links or attachments from unknown senders. In keeping with best industry security practices, Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site,www.bestbuy.com. If you receive an email asking for personal information, delete it. It did not come from Best Buy. Our service provider has reported this incident to the appropriate authorities. We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. For more information on keeping your data safe, please visit:http://www.geeksquad.com/do-it-yourself/tech-tip/six-steps-to-keeping-your-data-safe.aspx. Sincerely, Barry Judge Executive Vice President & Chief Marketing Officer Best Buy

Epsilon's other clients include:

• Kroger

• TiVo

• US Bank

• JPMorgan Chase

• Capital One

• Citi

• Home Shopping Network

• Ameriprise Financial

• LL Bean Visa Card

• McKinsey & Company

 • Ritz-Carlton Rewards

• Marriott Rewards

• New York & Company

• Brookstone

• Walgreens

• The College Board

• Disney Destinations

• Best Buy

• Robert Half Technologies

For more on the story, and an updated listing of potentially affected companies, hit up SecurityWeek.

  • memadmax
    One of the problems with data warehousing.....
    Reply
  • Pawessum16
    Dang it! More spam for my spam box
    Reply
  • DXRick
    Meh. I think they all already have mine. Time to crank up the SPAM filter...
    Reply
  • mrmotion
    We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. For more information on keeping your data safe, please visit:
    http://www.geeksquad.com/do-it-yourself/tech-tip/six-steps-to-keeping-your-data-safe.aspx.

    What about you guys? what website do you visit about keeping my data safe? WTF?
    Reply
  • elel
    mrmotionWe regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. For more information on keeping your data safe, please visit:http://www.geeksquad.com/do-it-you safe.aspx. What about you guys? what website do you visit about keeping my data safe? WTF?Certainly not that one. That link's broken! :lol:
    Reply
  • house70
    Thanks for the link, I already know how to keep my data safe; that can not be said of you, who already got my data stolen. Gotta love spins like that, where somehow the client is responsible for the company's f**k-up.
    Let it be said, these so-called 'hackers" are mere employees of the said Epsilon company that sold their clients out for a decent lump of cash. I see those occurrences on a regular basis, but never a follow-up on that, like "we caught the bad guys, or we are in the process of catching the bad guys, will let you know".
    That would minimum of courtesy shown to a client who was let down by you; even the police, after one reports theft, gets back to you with some sort of conclusion. These companies, however, are above any rules of decent behavior, unless it makes them money right then and there.
    And, somehow, there are never consequences to their mistakes... They keep in business without even a slap on the wrist, even though their mistakes are very costly for us (try fixing your credit score and you'll see what I'm talking about).
    Reply
  • I am already getting personalized phishing messages that include my name - so far they are at least poorly written. I doubt that all they got was an email address and name - they probably also got phone numbers, addresses, job titles, etc.
    Reply
  • sag0
    Darn...got it too
    Reply
  • jfby
    I read someone here say it best: the WWW is like the Wild West, and it's probably not going to be more secure anytime soon. I try and limit my online purchases to the use of a credit card that has outstanding protection against fraud and am very mindful of my credit score. Beyond that I just try and use common sense.
    Reply
  • fayzaan
    mah internets got hacked! oh noes!!!
    Reply