FYI: Data Breach - Third-Party Email Vendor - Affects Kroger, Chase, Capital One ...

[guyver01]

Epsilon Data Breach Update: Other Epsilon customers affected by the breach include JPMorgan Chase, Capital One, Marriott Rewards, McKinsey's online publication, McKinsey Quartery, specialty apparel chain New York & Company, Inc. and TiVo.

http://www.securityweek.com/massive-breach-epsilon-compromises-customer-lists-major-brands

Due to the growing list of brands disclosing that they have been compromised as a result of this breach, I’m going to go ahead and tag this as a massive breach. And I only expect it to get bigger as more announcements come out from Epsilon customers.

Last night we reported on a breach at marketing services provider, Epsilon, the world’s largest permission-based email marketing provider. Initially we wrote that the breach had affected Kroger, the nation's largest traditional grocery retailer.

It turns out that Kroger is only one of many customers affected by the breach at Epsilon.

Epsilon sends over 40 billion emails annually and counts over 2,500 clients, including 7 of the Fortune 10 to build and host their customer databases.

Grocery giant, The Kroger Co., notified customers today that the database storing its customers' names and email addresses had been breached. The company said incident occurred at Epsilon, the third-party vendor Kroger uses to manage its customer email database and communications.

Kroger stressed to its customers that the only information obtained was names and email addresses of customers.

In a separate announcement, Epsilon said that on March 30th, an incident was detected where a subset of its clients' customer data were exposed by an unauthorized entry into Epsilon's email system. Epsilon says a rigorous assessment determined that no other personal identifiable information associated with those names was at risk and that a full investigation is currently underway.

http://www.securityweek.com/kroger-notifies-customers-data-breach-stemming-third-party-email-vendor

 

[minendo]

Got a notification from TiVo today.

 

[l0cke]

I got an email from collegeboard.com that they were also breached.

 

[guyver01]

Here's the official press release from Epsilon:

IRVING, TEXAS – April 1, 2011 - On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.

http://www.epsilon.com/News%20&...Unauthorized_Entry_into_Email_System/p1057-l3

 

[bunnyfubbles]

this is Skynet's doing no doubt

 

[Anubis]

im clean

 

[CPA]

Add US Bank to that list. I've received notice from them and Kroger.

 

[RobertE]

Add Disney Rewards to the list as well.

 

[TwiceOver]

Saw the email from TiVo. Nothing from CrapitolOne yet.

 

[nageov3t]

email from tivo said email + first name... doesn't seem to be anything worth losing sleep over.

 

[BarkingGhostar]

this is Skynet's doing no doubt

Skynet ain't going email you of the impending doom.

 

[GTaudiophile]

I have a Chase Visa...but nothing yet from them.

 

[sjwaste]

Add US Bank to that list. I've received notice from them and Kroger.

Same here.

 

[Delita]

Yeah I got an email from McKinsey Quarterly saying there is a possibility I would be getting spam sometime in the future.

 

[Matt915]

meh....email address & name? Not too hard to get anyway. I'm not worried..yet

 

[blurredvision]

meh....email address & name? Not too hard to get anyway. I'm not worried..yet

Same here. I got my email about it yesterday and if it's just my email and not my account information as I'm told, then big whoop. Anybody who wants my email already has it anyway and I'm not stupid enough to fall for any phishing scams.

 

[marvdmartian]

Skynet ain't going email you of the impending doom.

Unless it's at the last minute, just to be mean, and send something akin to, "Nanny-nanny-boo-boo!! I just NUKED YOU!!!"


Really only one way to solve this dilemma.... have the company whose security sucked pay each affected person a one-time booby prize of $500. Seems only fair, right? :whiste:


Oh yeah.....and how screwed up is it, that Firefox spell check tagged Skynet as misspelled, and I had to add it to the dictionary? Hello? Firefox geeks? HELLO??

 

[ultimatebob]

I was a Chase and a Capital One customer... I wonder if they'll send me a e-mail.

Edit: Robert Half technology was also impacted. They just sent me the "you're getting more spam, sorry about that" e-mail like the one Tivo sent.

 

[JTsyo]

Hilton also uses them. I got e-mails from Hilton and Chase so far.

 

[Capt Caveman]

BestBuy also.

 

[Delita]

Add AbeBooks to the list.

 

[AstroManLuca]

Got a notification from Chase.

But honestly, I've had my current email a long time. It gets a lot of spam. When I started using it, I didn't use an alternate email for forum registrations and the like. Gmail does a good job of filtering out nearly all of it. If my level of spam does go up, I won't notice.

 

[Homerboy]

Got a notification from Chase.

But honestly, I've had my current email a long time. It gets a lot of spam. When I started using it, I didn't use an alternate email for forum registrations and the like. Gmail does a good job of filtering out nearly all of it. If my level of spam does go up, I won't notice.

Agreed.
0 * infinity is still 0

 

[skyking]

got a fishing email from 'citibank' from this.

 

[ViviTheMage]

best buy reward zone was hit too? LOL, I haven't used that in years.