April 5, 2011, 8:02AM
List of Companies Hit By Epsilon Breach
26 Comments
UPDATED: The number of companies that was affected by the attack on online marketing firm Epsilon Data Management has continued to grow, virtually by the hour. Many retailers, banks and other firms sent out notification letters to their customers on Monday, and to help you keep track of who's affected, we've compiled a list of known companies victimized by the Epsilon attack.
There are likely to be even more companies that send out breach notification letters in the coming days, so check back for updates. If you know of others, please leave them in the comments section. One note: There are a number of companies whose customers are affected because they work with a third-party provider to issue a private label credit card. One of the providers that was affected was Alliance Data, Epsilon's parent company, which manages private-label cards for dozens of companies. Here is a list of companies known to have been affected so far:
AbeBooks
Ameriprise Financial
Ann Taylor credit card (provided by WFNNB)
Barclay's Bank of Delaware (this breach affects customers of several private-label Visa credit cards, including BJ's and L.L. Bean)
Benefit Cosmetics
Capital One
City Market
College Board
Dillons
Eddie Bauer
Eileen Fisher
Eurosport (Soccer.com)
Food 4 Less
Fred Meyer
Fry's Electronics
Hilton Honors program
Home Depot Credit Card (issued by Citibank)
Home Shopping Network
J. Crew credit card (provided by WFNNB)
JPMorgan Chase
Marks and Spencer
New York & Co.
QFC
Ralph's
Smith Brands
The Limited credit card (provided by WFNNB)
US Bank
Verizon
Recommended Reads
Commenting on this Article is closed.
Today's Most Popular
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- Iranian Students Claim to have Stolen Thousands of Researcher's Records
- Report: Diablo III Users Find Accounts Hacked, Gold Stolen And New 'Mystery' Friends
- Why Google Won't Protect You From Big Brother
- Forget 'Brogrammers,' Women Have The Edge In DEFCON Social Engineering Contest
Most Commented Stories
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
20%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
28%
I don’t pay attention to how I access the internet while traveling
14%
Total votes: 65
Follow Threatpost
 |  |  |  |
| Tumblr |
Comments
1-800-Flowers
This isn't spam, but another company affected by the breach.
The College Board the people who bring missery to high school students with the SAT http://www.databreaches.net/?p=17335
Add "Airmiles" in Canada ot the list, I just got anotification from them. That one is huge.
I got one from Home Depot credit card services also.
Got this Monday from US Bank:
Here'sAs a valued U.S. Bank customer, we want to make you aware of a situation that has occurred related to your email address.
We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.
We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.
Please remember that U.S. Bank will never request information such as your personal ID, password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time.
Received this Monday 4/4/11
Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.
As a reminder, we recommend that you:
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.
Sincerely,
Patricia O. Baker
Senior Vice President
Chase Executive Office
Marks & Spencer too...
Add Soccer.com; just got the notice....
i received notice from tripadvisor and brookstone.
Recieved this the other day. You can add HSN to the list
Dear HSN Customer,
HSN values your trust and wants to make you aware of a recent incident. We learned from our email provider, Epsilon, that limited information about you was accessed by an unauthorized individual or individuals. This information included your name and email address and did not include any financial or other sensitive information. We felt it was important to notify you of this incident as soon as possible. We apologize for any inconvenience and have outlined below a number of email safeguards to help ensure your privacy online.
Email scams, spam, and other attacks on email systems are on the rise, but, by taking certain precautions when receiving emails, you can continue to safely use email for your business and personal needs:
We take your privacy very seriously and work diligently to protect your information, whether held by us or by our service providers. HSN's internal databases, which store all customer-provided data, were in no way compromised. Our email provider has taken significant steps to further protect the limited customer information held in its databases. If you have any questions or concerns regarding this incident, please contact us toll free at 1-800-933-2887 or email us at customerservice@hsn.com.
Sincerely,
Gregg Stallwood
Senior Vice President, Customer Care – HSN
Please do not reply to this email. If you would like to contact us, please call us toll free at 1-800-933-2887 or email us at customerservice@hsn.com.
HSN Interactive LLC | Attn: Customer Service | 1 HSN Drive | St. Petersburg, FL 33729
I find it a bit dismaying that we are continually receiving email from various companies that security in some fashion has been compromised. While I realize in a global economy such as we have that information is relatively free for the taking, I think companies sharing/collecting such information should be held to a higher standard of protection. Hackers will get in if they really want to - but this type of thing verges on the ridiculous.
Maybe it is time for companies to put a halt to their information gathering and sharing - for the good of their clients. It seems in the mad rush to be top dog, these companies have forgotten that without us, the clients, they are nothing. They sure don't cut us any breaks if our identity is stolen due to something like this ... our grandparents taught us the old saying "an ounce of prevention is worth a pound of cure" ... perhaps the "big boys" should pay more attention to that simple statement, and take better care of the information their clients are willing to share with them!
TechTeam Global also should be added to the list, as I received an email from them yesterday. I worked for them for a year, so I was on their emailing list.
Annie Sez should be added to the list
Add Verizon to the list:
Dear Verizon Customer,
We have been informed by Epsilon, a provider of Verizon's email marketing services, that your email address was exposed due to unauthorized access to its systems. Verizon uses Epsilon to send marketing communications on our behalf.
Epsilon has assured us that the information exposed was limited to email addresses, and that no other information about you or your account was exposed.
As always, you should be cautious when opening email links or attachments from unknown or suspicious parties, or emails purporting to be from Verizon and asking for financial or account password information. It is our policy to never ask for this information in emails. If you receive such emails, do not reply to them. You can report suspect or unwanted emails to Verizon at abuse@verizon.net and can obtain more information on how to protect against spam and phishing attacks on Verizon's Privacy Policy page by clicking on "Tips for Guarding Your Information" located at the top right hand corner of the page. Our privacy policy can be found at Verizon.com/privacy.
We regret any inconvenience this may cause you. Please be assured that we take the privacy of your information very seriously.
Sincerely,
Verizon
One of our email distribution groups received the fake security update which purported to be from QuickBooks.
http://fireepsilon.blogspot.com/
Why did Paypal all of a sudden require thier customers to verify that they want their mailings? that is rather suspiciaous. I say Palpal/Ebay was part of it but they have not confessed that they give out info to Epsilon.
Ameritrade needs to be added
Ameritrade needs to be added
Charter Communications has also sent out notices to it's customers.
Micro Center has sent out letters to their customers for that have credit cards.
You can add:
Exxon/Mobil
Shell
BP/Amoco
You can add:
Exxon/Mobil
Shell
BP/Amoco
Woman Within
King Size