Massive Database Hacked; Emails Stolen

Contributing Writer
Updated

There's a chance that at least one of your email addresses could be in unknown hands, following a hacking incident last week.

Epsilon, the world's largest permission-based email marketing company, issued a statement last Friday. It was not an April Fool's Day gag.

On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.

Epsilon getting hacked meant that many of the company's client lists are potentially compromised. TiVo was one of the companies that independently notified its customers. Best Buy today sent out the following email, which just showed up in my own inbox:

Dear Valued Best Buy Customer, 

On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization. 

We have been assured by Epsilon that the only information that may have been obtained was your email address and that the accessed files did not include any other information. A rigorous assessment by Epsilon determined that no other information is at risk. We are actively investigating to confirm this. 

For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails. As our experts at Geek Squad would tell you, be very cautious when opening links or attachments from unknown senders. 

In keeping with best industry security practices, Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site,www.bestbuy.com. If you receive an email asking for personal information, delete it. It did not come from Best Buy. 

Our service provider has reported this incident to the appropriate authorities. 

We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. For more information on keeping your data safe, please visit:
http://www.geeksquad.com/do-it-yourself/tech-tip/six-steps-to-keeping-your-data-safe.aspx. 

Sincerely, 

Barry Judge 
Executive Vice President & Chief Marketing Officer 
Best Buy

Epsilon's other clients include:

• Kroger

• TiVo

• US Bank

• JPMorgan Chase

• Capital One

• Citi

• Home Shopping Network

• Ameriprise Financial

• LL Bean Visa Card

• McKinsey & Company

 • Ritz-Carlton Rewards

• Marriott Rewards

• New York & Company

• Brookstone

• Walgreens

• The College Board

• Disney Destinations

• Best Buy

• Robert Half Technologies

For more on the story, and an updated listing of potentially affected companies, hit up SecurityWeek.