The databases of the world's largest email marketer were hacked last week, which means customers of major brands such as Citi, Marriott and Disney may soon find their in-boxes filling up with phishing scams.Epsilon hosts databases of more than 2,500 clients, including seven of the Fortune 10, which they use to market to millions of customers. On April 1, Epsilon released the following brief statement:
The company gave no further details about the number of clients whose databases were hacked, or the number whose names and emails were stolen.
Epsilon did not immediately respond to Consumer Ally requests for comment. If and when they do reply, we'll update this story.
Epsilon, which describes itself as "the world's largest permission-based email marketing provider," sends more than 40 billion emails annually, so the number of stolen names and email addresses may well number in the millions.
Because the hackers managed to steal both names and email addresses of consumers, identity thieves may be able to use them to penetrate home computer defenses by sending targeted phishing emails from supposedly trusted sources.
Although Epsilon's not naming names, Security Week published the following list of Epsilon clients whose databases it says were among those hacked:
- Kroger
- TiVo
- US Bank
- JPMorgan Chase
- Capital One
- Citi
- Home Shopping Network (HSN)
- McKinsey & Company
- Ritz-Carlton Rewards
- Marriott Rewards
- New York & Company
- Brookstone
- Walgreens
- The College Board
- Disney Destinations
- Best Buy
Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send emails, that an unauthorized person outside Epsilon accessed files that included email addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer email addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
Hackers also broke into TripAdvisor's servers last month, making off with an unknown number of emails from the popular travel site, which boats 20 million members.We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an email. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by email.
As a reminder, we recommend that you:
- Don't give your Chase OnlineSM User ID or password in email.
- Don't respond to emails that require you to enter personal information directly into the email.
- Don't respond to emails threatening to close your account if you do not take the immediate action of providing personal information.
- Don't reply to emails asking you to send personal information.
- Don't use your email address as a login ID or password.
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading emails that appear to be sent by us.
Sincerely,
Patricia O. Baker
Senior Vice President
Chase Executive Office
Powered By iWebRSS.com
