How many times did Epsilon lose your personal email data?

April 4, 2011 9:24 PM
Dean Takahashi
Add a Comment

Epsilon, the largest email marketing company, is reeling from a huge breach of its clients’ personal email data. At least 19 major brands (and as many as 50) have been affected by the cyber attack, where hackers broke into the company’s systems and stole names and email addresses of lots of people.

Epsilon said that only 2 percent of its users had their name and email stolen. But that could add up to a very large number of users — surely in the millions — as Epsilon handles email marketing services for more than 2,500 companies. The problem is that cyber criminals can now use those email lists to send phishing attacks — with personalized messages from brands that consumers do business with — that could be much more effective than random email spam. The company says a full investigation is underway.

I received two emails — yeah, can you beat that number? — from some of those brands saying that my data had been leaked and that I should beware of suspicious emails. If you have signed up for or opted into email or other digital marketing campaigns from the affected brands, there’s a chance the thieves have your name and email. Epsilon sends billions of emails a year on behalf of its clients. That is jarring for consumers, since they’re getting emails today from brands who say they turned over their email address and the name that goes with it to an outsourcing company, Epsilon, that nobody ever heard about. The advice for now is, don’t respond to any new messages coming from these brands, and certainly don’t click on anything in your warning email.

Best Buy, one of the chains that was hit, told customers that it will never ask anyone to provide information such as credit card numbers unless they are on its secure e-commerce site http://www.bestbuy.com. If you receive an email asking for the personal information, you should delete it because “it did not come from Best Buy.” Citibank told customers it would send emails using your first and last name, the last four digits of a Citi credit account number, and the “member since” date to show that it’s a legitimate email.

The list includes the following companies. Please leave comments below about how many times your email was stolen and whether there are more companies than the ones below that are affected:

Target
Best Buy
Walgreen’s
Capital One
TiVo
JP Morgan Chase & Co.
Kroger
US Bank
Citi
McKinsey & Company
Ritz-Carlton Rewards
Marriott Rewards
New York & Company
Brookstone
The College Board
Home Shopping Network (HSN)
LL Bean
Disney Destinations
Barclays Bank of Delaware

[image credit: malwareresearchgroup]

  • http://profiles.google.com/felipe.palha Felipe Palha

    I got an e-mail from Hilton Honors, so you can add that to your list.

  • http://twitter.com/pwnovak Paul Testani-Novak ✔

    I am up to 5 notices now. Some additional companies:HiltonKing Soopers (I think a they are a Kroger subsidiary)Astra-ZenecaRobert Half Finance & AccountingRobert Half Management ResourcesRobert Half LegalRobert Half TechnologyThe Creative Group

  • http://twitter.com/imanomstronaut Jackie Huynh

    1-800-FLOWERS sent me a notice. I got two more from Chase and Target, bringing me to three.

  • http://twitter.com/Ironlynnx Rick Ned

    I have received about 3-4 so far. One was bad, two was concerning, but three and four is just outrageous. And if the hacker got into their system and was able to access so much, what else got hacked?

  • http://twitter.com/TjCox1993 Tosh Chareton

    I got Chase Bank!

  • http://twitter.com/TjCox1993 Tosh Chareton

    I got Chase Bank!

  • sarahx

    Add HiltonHonors – I got a note from them tonight naming Epsilon.As a side note, please ask Epsilon when they discovered the breach, and when they notified their customers and internal teams. How long did it take them to notify the public? Also, were any other databases compromised, or just the individual company email databases? Some ESPs build broader individual consumer profiles based upon other sources and sell the ability to cross-reference for better targeting. I do not know if Epsilon does this, but if so, it would be important for consumers to know if more than names/emails were compromised.

  • http://twitter.com/mjsante Jasmine Sante

    Bebe too

  • http://venturebeat.com deantak

    Wow, thanks for all the new info. I'm so glad that Epsilon only lost two percent.

  • http://joostschuur.com Joost Schuur

    Got two: TiVo and AbeBooks

  • Woody_Kerbox

    I got one from McKinsey saying someone had stolen the data and I might get some spam emails…no spam yet.

  • jess922106

    Saturday I received one notification from HSN, yesterday one from Abe Books (not too sure who they are), today one from Beach Body, and just a few minutes ago one from Walgreens.

  • umphreakin

    HiltonHonors, Best Buy and–ironically–Robert Half Group, which I signed up for in response to a contract position for an email relationship marketing project…hah!I think Epsilon deserves to be slammed with the world's biggest pile-on class-action lawsuit.

  • Winter

    I know that on MARCH 31st, my email I use for buying things and belonging to for instance HiltonHHonors, was hacked into and messages sent to everyone in my mail box with a attachment for them to click on.Then this morning an email from Target and tonight one from HiltonHonors and a few minutes ago one from 1800flowers. So time wise, you can figure before March 31st is when epsilon's security was breached.Apparently I'm one of the FEW to be affected by the security breach.

  • http://twitter.com/PsykoSmiley Psy-ko Smiley

    I got hilton honors & moneygramAccording to this the breach happened March 30th.http://www.epsilon.com/News%20… I haven't recieved any spam yet but thats almost more worrisome. If they didn't take our info to spam us, why did they take it?

  • http://twitter.com/Rudyn0101 Rudy Nemeth

    I got Hilton Honors and Beachbodies

  • http://epcostello.com/ e.p.c.

    Add Red Roof Inns to the list.I was thinking, people keep thinking about this as individual lists. As valuable as they may be to spammers, whoever copied the data now has the aggregate information we so readily whine about internet marketers collecting. Think about the marketing possibilities one could generate by mashing all of the data together.

  • Robert45506

    Mine is from Chase,TiVo, and Kroger. Same here a email with a blue link is sent to everyone in my contact list including the affected email. It Started before March 31st as well. averaging around 30 spam emails per day.

  • Eclassmeag

    I got Hilton Honors, New York and Company and 1-800 Flowers. I am really unhappy about this

  • tivoboy

    I got emails from TIVO, Bestbuy, TARGET, Mckinsey, WALGREENS, Viking River Cruises, Two from CHASE, Hilton hotels, 1-800 flowers, Ralphs, what is that like eleven.!! crazy

  • Eclassmeag

    I just got another one from Marriott…. oh joy

  • http://twitter.com/markmusolino Mark Musolino

    I received 2 notices: Best Buy, and Home Depot (not on the list already).

  • http://pulse.yahoo.com/_2GKFPUGZSAXETB5UJCB4RLEGX4 Michael

    I got Citi, Kroger, Target and our cable company Charter Communications. I suspect Epsilon's damage control works via lying. Some of these companies have my financial information too. I'm waiting for the other shoe to drop.

  • http://profiles.google.com/kiwanda88 Derek Larson

    Five for me so far– add TIAA-CREF to your list.

blog comments powered by Disqus