Millions exposed in massive Epsilon security breach

In what may be one of the largest digital security breaches in United States history, millions of customer email addresses have been exposed as a result of a breach at Epsilon. BGR reported on Saturday that TiVo customer email addresses had been compromised as a result of unauthorized access to online marketing company Epsilon’s servers. Following that report, several other companies have come forward to confirm that their customers’ email addresses may have been exposed. Those potentially affected include customers enrolled in Best Buy’s Reward Zone program as well as customers of Citigroup, J.P. Morgan Chase, TiVo, Barclays, Walgreens, U.S. Bancorp, Capital One, HSN and College Board, which represents almost 6,000 different U.S. colleges and universities. “A subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system,” Epsilon said in a statement last week. The company insists that only names and email addresses may have been compromised, and that sensitive information such as social security numbers, credit card numbers and passwords were not accessed.

19 Comments
  • http://twitter.com/daveandcori David Andrade

    I have accounts with many of the companies listed, but only received notice from the College Board. Wondering why the rest haven’t let me know yet?

    • Anonymous

      As an Info Security person, there is some question as to the requirement to notify. Email addresses are not considered confidential information, nor are names and addresses. Once you notify under breach notification laws, you bear the responsibility to follow through with ongoing protections and support. If the site you use likes/allows you to use your email address as your account username, those are of even higher risk and expect those to be the first to notify them.

      I’ve talked to a few of my colleagues at affected organizations, and my guess is you should expect more to announce soon, but many others are stepping up other controls, such as anti-phishing services, fraud controls, and other efforts.

  • Hbrenner

    Got an email from Hilton Honors as well

  • Anonymous

    Brookstone and Hilton have notified me that they are affected also

  • sirpaul

    Canadians are affected as well, right?

    • http://profiles.google.com/seanmatthews Sean Matthews

      Yup. Got an email from Best Buy Canada today with similar wording.

      • YJGUY

        So did I. I love the fact that the Best Buy response letter comes from the Marketing Director, not the Privacy Manager. I guess it shows the angle they’ve chosen to lead with.

  • Jacktetero

    Got emails from Chase about this also

  • Anonymous

    Krogers also affected

  • Fractalsphere

    I got TWO emails this morning – one from TiVo and one from Chase Bank. I feel so secure right now. :-/

    • http://www.twitter.com/hokes Brendan

      If you trust them when they say only your name and email address were compromised, you shouldn’t be worried. It just means your spam filter will be working harder now.

  • blada

    Wow, I really hope they aren’t lying about this being only email addresses and names.

  • RickCJ7

    I got one from Wells Fargo.

  • chris

    I received an email from Best Buy this morning as well. Scary stuff.

  • http://www.facebook.com/profile.php?id=1366260122 Nikel Ramlogan

    So what’s someone going to do with all this info? Spam?

  • Rob Lowry

    It really depends on how much you believe the company is telling the truth -AND- the intentions of the person(s) who nabbed the list. Possibly, they’re just spammers and want a fresh list of people to send mail to. Potentially the list could be used for a lot worse.

    In general, I’d say people need to take a couple of actions of their own … especially if your login ID to any of these sites is your email ID.

    In order to break into anything, a hacker needs 2 things: 1.) a login ID 2.) a password.
    Somebody now has a huge list of potential login IDs and armed with a few bots can attempt to figure out your password by attempting a login in a way that doesn’t trip the failed attempt count.

    a.) If you have a weak password (something in a dictionary) change it.
    b.) If you have the ability, change your login ID.
    c.) If you can do it without a lot of grief, change your email ID … this last suggestion may cause too many problems for some but at least consider it.

  • Twest

    Best Buy email last night…Chase this morning…and now, as of a minute ago, Target.

  • guest

    I just received an email from Target. Someone took their eye off the bull’s-eye.

  • angrydadof2

    Interesting that Epsilon states that “only names and email addresses were compromised.” Good for them! Now, since “only email addresses” were compromised, my inbox is packed full of crap spam. All of my friends and contacts are getting virus-laden email sent to them from me. I’ll have to close my email account and get a new one.
    But, as Epsilon reports, this is ok because they didn’t get my personal information!!!
