UPDATED: The number of companies that was affected by the attack on online marketing firm Epsilon Data Management has continued to grow, virtually by the hour. Many retailers, banks and other firms sent out notification letters to their customers on Monday, and to help you keep track of who’s affected, we’ve compiled a list of known companies victimized by the Epsilon attack.
There are likely to be even more companies that send out breach notification letters in the coming days, so check back for updates. If you know of others, please leave them in the comments section. One note: There are a number of companies whose customers are affected because they work with a third-party provider to issue a private label credit card. One of the providers that was affected was Alliance Data, Epsilon’s parent company, which manages private-label cards for dozens of companies. Here is a list of companies known to have been affected so far:
AbeBooks
Ameriprise Financial
Ann Taylor credit card (provided by WFNNB)
Barclay’s Bank of Delaware (this breach affects customers of several private-label Visa credit cards, including BJ’s and L.L. Bean)
Benefit Cosmetics
Capital One
City Market
College Board
Dillons
Eddie Bauer
Eileen Fisher
Eurosport (Soccer.com)
Food 4 Less
Fred Meyer
Fry’s Electronics
Hilton Honors program
Home Depot Credit Card (issued by Citibank)
Home Shopping Network
J. Crew credit card (provided by WFNNB)
JPMorgan Chase
Marks and Spencer
New York & Co.
QFC
Ralph’s
Smith Brands
The Limited credit card (provided by WFNNB)
US Bank
Verizon
1-800-Flowers
I have included a list of the kinds of product offering from Epsilon to better enable ISO and individuals to help defend against the types of attacks which will come of this breach down the road. (6months to a year or two out) WIth a hosts of privacy rules, federal laws/regulations and state laws/regulations my fear is that Epsilon will not fully disclose what was compromised and made public. No matter how painful to their business goals it is important that Epsilon provide a full accounting of the who, what, where, when and how of the breach.
For example, some sites use pet names for password resets. This breach is a treasure trove of information with far reaching implications.
*********************************************************************************
+
Some of the personally identifiable information Epsilon Sells:
Age
Childern
Email Address
Mail Order Addresses
Professions
Astrology
Computer Type
Ethnic Information
Religion
Business type
Insurance preferences
Pets
Residence
Buyer of household
Donor information to charities
Lifestyle
Political Affiliations
Senior information age
*********************************************************************************
+
Epsilon’s Product Data Cards (Types of Data):
American Smokers Registry
BusinessClass List Builder From Equifax
Epsilon TargetSource US – Ailments/Health
Epsilon TargetSource US – Avid Readers
Epsilon TargetSource US – Charitable Donors
Epsilon TargetSource US – Collectors
Epsilon TargetSource US – Computer and Internet Users
Epsilon TargetSource US – Cooking and Culinary
Epsilon TargetSource US – Financial Services Sector
Epsilon TargetSource US – Gardening Enthusiasts
Epsilon TargetSource US – Higher Education
Epsilon TargetSource US – Hobbies and Interests
Epsilon TargetSource US – Home Electronics
Epsilon TargetSource US – Mail Order Buyers
Epsilon TargetSource US – Outdoor Enthusiasts
Epsilon TargetSource US – Scrapbooking and Crafts
Epsilon TargetSource US – Sports
Epsilon TargetSource US – Women at Home
High-Tech Connect Formerly From Equifax
ICOM Home Based Business Entrepreneurs
ICOM Self Employed Entrepreneurs
ICOM Target NewMover – PreMover Data
ICOM Target NewMovers
ICOM TargetPlus [formerly Advantage Choice] – Financial
ICOM TargetPlus [formerly Advantage Choice] – Masterfile
ICOM TargetPlus [formerly Advantage Choice] – New Parents
ICOM TargetPlus [formerly Advantage Choice] – Real Property
ICOM TargetPlus [formerly Advantage Choice] – Survey
ICOM TargetPlus [formerly Advantage Choice] -Transactional Mail Order
ICOM TargetSource Canada – Adults Ages
ICOM TargetSource Pet Owners
ICOM TargetSource U.S. – Avid Readers
COM TargetSource U.S. Ailments and Health
ICOM TargetSource U.S. Charitable Donors
ICOM TargetSource U.S. Collectors
ICOM TargetSource U.S. Computer and Internet Users
ICOM TargetSource U.S. Education
ICOM TargetSource U.S. Finance and Investing
ICOM TargetSource U.S. Hobbies and Interests
ICOM TargetSource U.S. Household Items
ICOM TargetSource U.S. Sports
ICOM TargetSource US – Diet and Health
ICOM Targetsource US – Grandparents
ICOM TargetSource US – Homeownership
ICOM Targetsource US – Masterfile
ICOM TargetSource US – Music Preferences
ICOM TargetSource US – Travelers
ICOM TargetSource US – Vehicle
ICOM Weekly New Movers
Permission! Formerly from Equifax
Residential Property Plus Formerly From Equifax
Rx Selector Formerly From Equifax
Small Area Characteristics Database
TargetPoint In-Market Formerly From Equifax
TargetPoint New Movers Formerly From Equifax
The Lifestyle Selector Formerly From Equifax
The Response Selector Formerly From Equifax
The SOHO Selector Formerly From Equifax
TotalSource XL Formerly From Equifax
The College Board the people who bring missery to high school students with the SAT http://www.databreaches.net/?p=17335
I got one from Home Depot credit card services also.
Got this Monday from US Bank:
Here’sAs a valued U.S. Bank customer, we want to make you aware of a situation that has occurred related to your email address.
We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.
We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.
Please remember that U.S. Bank will never request information such as your personal ID, password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time.
Received this Monday 4/4/11
Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase’s practice to request personal information by e-mail.
As a reminder, we recommend that you:
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on “Fraud Information” under the “How to Report Fraud.” It provides additional information on exercising caution when reading e-mails that appear to be sent by us.
Sincerely,
Patricia O. Baker
Senior Vice President
Chase Executive Office
Marks & Spencer too…
Add Soccer.com; just got the notice….
i received notice from tripadvisor and brookstone.
Recieved this the other day. You can add HSN to the list
April 2, 2011
Dear HSN Customer,
HSN values your trust and wants to make you
aware of a recent incident. We learned from our email provider,
Epsilon, that limited information about you was accessed by an
unauthorized individual or individuals. This information included your
name and email address and did not include any financial or other
sensitive information. We felt it was important to notify you of this
incident as soon as possible. We apologize for any inconvenience and
have outlined below a number of email safeguards to help ensure your
privacy online.
Email scams, spam, and other attacks on email systems are on the rise,
but, by taking certain precautions when receiving emails, you can
continue to safely use email for your business and personal needs:
when asked to do so by email. Most reputable companies do not ask for
such information by email, and, rest assured, we will not do so.
for sensitive information, do not respond, click on any links, or
download any attachments. Instead, please inform us immediately at the
toll-free number or email address provided below.
We take your privacy very seriously and work diligently to protect your
information, whether held by us or by our service providers. HSN‘s
internal databases, which store all customer-provided data, were in no
way compromised. Our email provider has taken significant steps to
further protect the limited customer information held in its databases.
If you have any questions or concerns regarding this incident, please
contact us toll free at 1-800-933-2887 or email us at customerservice@hsn.com.
Sincerely,
Gregg Stallwood
Senior Vice President, Customer Care – HSN
Please do not reply to this email. If you would like to contact us, please call us toll free at 1-800-933-2887 or email us at customerservice@hsn.com.
HSN Interactive LLC | Attn: Customer Service | 1 HSN Drive | St. Petersburg, FL 33729
I find it a bit dismaying that we are continually receiving email from various companies that security in some fashion has been compromised. While I realize in a global economy such as we have that information is relatively free for the taking, I think companies sharing/collecting such information should be held to a higher standard of protection. Hackers will get in if they really want to – but this type of thing verges on the ridiculous.
Maybe it is time for companies to put a halt to their information gathering and sharing – for the good of their clients. It seems in the mad rush to be top dog, these companies have forgotten that without us, the clients, they are nothing. They sure don’t cut us any breaks if our identity is stolen due to something like this … our grandparents taught us the old saying “an ounce of prevention is worth a pound of cure” … perhaps the “big boys” should pay more attention to that simple statement, and take better care of the information their clients are willing to share with them!
TechTeam Global also should be added to the list, as I received an email from them yesterday. I worked for them for a year, so I was on their emailing list.
Annie Sez should be added to the list
Add Verizon to the list:
Dear Verizon Customer,
We have been informed by Epsilon, a provider of Verizon’s email marketing services, that your email address was exposed due to unauthorized access to its systems. Verizon uses Epsilon to send marketing communications on our behalf.
Epsilon has assured us that the information exposed was limited to email addresses, and that no other information about you or your account was exposed.
As always, you should be cautious when opening email links or attachments from unknown or suspicious parties, or emails purporting to be from Verizon and asking for financial or account password information. It is our policy to never ask for this information in emails. If you receive such emails, do not reply to them. You can report suspect or unwanted emails to Verizon at abuse@verizon.net and can obtain more information on how to protect against spam and phishing attacks on Verizon’s Privacy Policy page by clicking on “Tips for Guarding Your Information” located at the top right hand corner of the page. Our privacy policy can be found at Verizon.com/privacy.
We regret any inconvenience this may cause you. Please be assured that we take the privacy of your information very seriously.
Sincerely,
Verizon
One of our email distribution groups received the fake security update which purported to be from QuickBooks.
http://fireepsilon.blogspot.com/
Why did Paypal all of a sudden require thier customers to verify that they want their mailings? that is rather suspiciaous. I say Palpal/Ebay was part of it but they have not confessed that they give out info to Epsilon.
Ameritrade needs to be added
Ameritrade needs to be added
Charter Communications has also sent out notices to it’s customers.
Micro Center has sent out letters to their customers for that have credit cards.
You can add:
Exxon/Mobil
Shell
BP/Amoco
You can add:
Exxon/Mobil
Shell
BP/Amoco
Woman Within
King Size
This isn’t spam, but another company affected by the breach.
Add “Airmiles” in Canada ot the list, I just got anotification from them. That one is huge.