Countless thousands exposed in attack on e-mail marketing company
On Friday, email marketing and solutions company Epsilon announced its system had been hacked on March 30, and the email addresses and customer names of "a subset of Epsilon clients" were exposed. The company handles the permission-based email marketing campaigns of more than 2,500 major corporations and the list of companies involved in the breach continued to grow over the weekend.
TiVo, for example, sent a message to its subscribers on Sunday warning that the first names and email addresses of customers who opted into email updates have been exposed.
"Your service and any other personally identifiable information were not at risk and remain secure," the message said. "Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties."
Nearly every company involved has sent out a similar communique to its customers, warning that their email and name were exposed, but reminding that their financial information was not. This includes companies such as:
- Capitol One
- JP Morgan Chase
- U.S. Bank
- Barclays Bank of Delaware
- Ameriprise Financial
- Robert Half International
- Ritz Carlton Rewards
- Marriott Rewards
- Hilton Hotels
- Red Roof Inn
- McKinsey & Co.
- Home Shopping Network
- New York & Company
- The College Board
- LL Bean
- Benefit Cosmetics
- Disney Destinations
- Best Buy (Reward Zone/Credit Cards)
- Ethan Allen
- The Home Depot
National grocery store chain Kroger warns affected customers that this breach could trigger social engineering attacks.
"Kroger would never ask you to email personal information, such as credit card numbers or social security numbers," the company said. "If you receive such a request, it did not come from Kroger and should be deleted."
Epsilon says the breach is still being investigated, and we will continue to update the list of companies whose mailing lists were compromised as they become known.
If you've received an email from a company you don't see on our list, let us know.