List of Companies Hit By Epsilon Breach

UPDATED: The number of companies that was affected by the attack on online marketing firm Epsilon Data Management has continued to grow, virtually by the hour. Many retailers, banks and other firms sent out notification letters to their customers on Monday, and to help you keep track of who’s affected, we’ve compiled a list of known companies victimized by the Epsilon attack.

Companies hit by EpsilonUPDATED: The number of companies that was affected by the attack on online marketing firm Epsilon Data Management has continued to grow, virtually by the hour. Many retailers, banks and other firms sent out notification letters to their customers on Monday, and to help you keep track of who’s affected, we’ve compiled a list of known companies victimized by the Epsilon attack.

There are likely to be even more companies that send out breach notification letters in the coming days, so check back for updates. If you know of others, please leave them in the comments section. One note: There are a number of companies whose customers are affected because they work with a third-party provider to issue a private label credit card. One of the providers that was affected was Alliance Data, Epsilon’s parent company, which manages private-label cards for dozens of companies. Here is a list of companies known to have been affected so far:

1-800-FLOWERS

AbeBooks

Air Miles (Canada)

Ameriprise Financial

Ann Taylor credit card (provided by WFNNB)

Barclay’s Bank of Delaware (this breach affects customers of several private-label Visa credit cards, including BJ’s and L.L. Bean)

Beachbody

Bebe Stores

Best Buy

Benefit Cosmetics

Brookstone

Capital One

Chase

Citigroup

City Market

College Board

Crucial

Dell

Dillons

Disney Destinations

Eddie Bauer

Eileen Fisher

Ethan Allen

Eurosport (Soccer.com)

Food 4 Less

Fred Meyer

Fry’s Electronics

Hilton Honors program

Home Depot Credit Card (issued by Citibank)

Home Shopping Network

J. Crew credit card (provided by WFNNB)

JPMorgan Chase

Kroger

Marks and Spencer

Marriott

McKinsey Quarterly

MoneyGram

New York & Co.

QFC

Ralph’s

Red Roof Inns

Ritz-Carlton

Robert Half International

Scottrade

Smith Brands

Target

Tastefully Simple

TD Ameritrade

The Limited credit card (provided by WFNNB)

TIAA-CREF

TiVo

US Bank

Verizon

Walgreen’s

Suggested articles

Discussion

  • Anonymous on

    1-800-Flowers

  • drstrangep0rk on

    I have included a list of the kinds of product offering from Epsilon to better enable ISO and individuals to help defend against the types of attacks which will come of this breach down the road. (6months to a year or two out) WIth a hosts of privacy rules, federal laws/regulations and state laws/regulations my fear is that Epsilon will not fully disclose what was compromised and made public. No matter how painful to their business goals it is important that Epsilon provide a full accounting of the who, what, where, when and how of the breach. For example, some sites use pet names for password resets. This breach is a treasure trove of information with far reaching implications. ********************************************************************************* + Some of the personally identifiable information Epsilon Sells: Age Childern Email Address Mail Order Addresses Professions Astrology Computer Type Ethnic Information Religion Business type Insurance preferences Pets Residence Buyer of household Donor information to charities Lifestyle Political Affiliations Senior information age ********************************************************************************* + Epsilon's Product Data Cards (Types of Data): American Smokers Registry BusinessClass List Builder From Equifax Epsilon TargetSource US - Ailments/Health Epsilon TargetSource US - Avid Readers Epsilon TargetSource US - Charitable Donors Epsilon TargetSource US - Collectors Epsilon TargetSource US - Computer and Internet Users Epsilon TargetSource US - Cooking and Culinary Epsilon TargetSource US - Financial Services Sector Epsilon TargetSource US - Gardening Enthusiasts Epsilon TargetSource US - Higher Education Epsilon TargetSource US - Hobbies and Interests Epsilon TargetSource US - Home Electronics Epsilon TargetSource US - Mail Order Buyers Epsilon TargetSource US - Outdoor Enthusiasts Epsilon TargetSource US - Scrapbooking and Crafts Epsilon TargetSource US - Sports Epsilon TargetSource US - Women at Home High-Tech Connect Formerly From Equifax ICOM Home Based Business Entrepreneurs ICOM Self Employed Entrepreneurs ICOM Target NewMover - PreMover Data ICOM Target NewMovers ICOM TargetPlus [formerly Advantage Choice] - Financial ICOM TargetPlus [formerly Advantage Choice] - Masterfile ICOM TargetPlus [formerly Advantage Choice] - New Parents ICOM TargetPlus [formerly Advantage Choice] - Real Property ICOM TargetPlus [formerly Advantage Choice] - Survey ICOM TargetPlus [formerly Advantage Choice] -Transactional Mail Order ICOM TargetSource Canada - Adults Ages ICOM TargetSource Pet Owners ICOM TargetSource U.S. - Avid Readers COM TargetSource U.S. Ailments and Health ICOM TargetSource U.S. Charitable Donors ICOM TargetSource U.S. Collectors ICOM TargetSource U.S. Computer and Internet Users ICOM TargetSource U.S. Education ICOM TargetSource U.S. Finance and Investing ICOM TargetSource U.S. Hobbies and Interests ICOM TargetSource U.S. Household Items ICOM TargetSource U.S. Sports ICOM TargetSource US - Diet and Health ICOM Targetsource US - Grandparents ICOM TargetSource US - Homeownership ICOM Targetsource US - Masterfile ICOM TargetSource US - Music Preferences ICOM TargetSource US - Travelers ICOM TargetSource US - Vehicle ICOM Weekly New Movers Permission! Formerly from Equifax Residential Property Plus Formerly From Equifax Rx Selector Formerly From Equifax Small Area Characteristics Database TargetPoint In-Market Formerly From Equifax TargetPoint New Movers Formerly From Equifax The Lifestyle Selector Formerly From Equifax The Response Selector Formerly From Equifax The SOHO Selector Formerly From Equifax TotalSource XL Formerly From Equifax
  • Anonymous on

    The College Board the people who bring missery to high school students with the SAT  http://www.databreaches.net/?p=17335

  • Loren on

    I got one from Home Depot credit card services also.

  • Anonymous on

    Got this Monday from US Bank:

    Here'sAs a valued U.S. Bank customer, we want to make you aware of a situation that has occurred related to your email address.

    We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.

    We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.

    Please remember that U.S. Bank will never request information such as your personal ID, password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time.

  • Tim on

    Received this Monday 4/4/11

    Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.

    We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail.

    As a reminder, we recommend that you:

    • Don't give your Chase OnlineSM User ID or password in e-mail.
    • Don't respond to e-mails that require you to enter personal information directly into the e-mail.
    • Don't respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
    • Don't reply to e-mails asking you to send personal information.
    • Don't use your e-mail address as a login ID or password.

    The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on "Fraud Information" under the "How to Report Fraud." It provides additional information on exercising caution when reading e-mails that appear to be sent by us.

    Sincerely,

    Patricia O. Baker

    Senior Vice President

    Chase Executive Office

  • Anonymous on

    Marks & Spencer too...

  • Aaron on

    Add Soccer.com; just got the notice....

  • Anonymous on

    i received notice from tripadvisor and brookstone.

  • Anonymous on

    Recieved this the other day. You can add HSN to the list

    April 2, 2011

    Dear HSN Customer,

    HSN values your trust and wants to make you aware of a recent incident. We learned from our email provider, Epsilon, that limited information about you was accessed by an unauthorized individual or individuals. This information included your name and email address and did not include any financial or other sensitive information. We felt it was important to notify you of this incident as soon as possible. We apologize for any inconvenience and have outlined below a number of email safeguards to help ensure your privacy online.

    Email scams, spam, and other attacks on email systems are on the rise, but, by taking certain precautions when receiving emails, you can continue to safely use email for your business and personal needs:
    • Don't open links or attachments from people you don't know and trust.
    • Don't provide personal, financial, or other sensitive information when asked to do so by email. Most reputable companies do not ask for such information by email, and, rest assured, we will not do so.
    • If you receive an email appearing to come from us that does ask you for sensitive information, do not respond, click on any links, or download any attachments. Instead, please inform us immediately at the toll-free number or email address provided below.

    We take your privacy very seriously and work diligently to protect your information, whether held by us or by our service providers. HSN's internal databases, which store all customer-provided data, were in no way compromised. Our email provider has taken significant steps to further protect the limited customer information held in its databases. If you have any questions or concerns regarding this incident, please contact us toll free at 1-800-933-2887 or email us at customerservice@hsn.com.

    Sincerely,
    Gregg Stallwood
    Senior Vice President, Customer Care – HSN

    Please do not reply to this email. If you would like to contact us, please call us toll free at 1-800-933-2887 or email us at customerservice@hsn.com.
    HSN Interactive LLC | Attn: Customer Service | 1 HSN Drive | St. Petersburg, FL 33729‪



  • LynnDee on

    I find it a bit dismaying that we are continually receiving email from various companies that security in some fashion has been compromised. While I realize in a global economy such as we have that information is relatively free for the taking, I think companies sharing/collecting such information should be held to a higher standard of protection. Hackers will get in if they really want to - but this type of thing verges on the ridiculous.

    Maybe it is time for companies to put a halt to their information gathering and sharing - for the good of their clients. It seems in the mad rush to be top dog, these companies have forgotten that without us, the clients, they are nothing.  They sure don't cut us any breaks if our identity is stolen due to something like this ... our grandparents taught us the old saying "an ounce of prevention is worth a pound of cure" ... perhaps the "big boys" should pay more attention to that simple statement, and take better care of the information their clients are willing to share with them!

  • Anonymous on

    TechTeam Global also should be added to the list, as I received an email from them yesterday. I worked for them for a year, so I was on their emailing list.

  • Anonymous on

    Annie Sez should be added to the list

  • Ben B on

    Add Verizon to the list:

    Dear Verizon Customer,

    We have been informed by Epsilon, a provider of Verizon's email marketing services, that your email address was exposed due to unauthorized access to its systems. Verizon uses Epsilon to send marketing communications on our behalf.

    Epsilon has assured us that the information exposed was limited to email addresses, and that no other information about you or your account was exposed.

    As always, you should be cautious when opening email links or attachments from unknown or suspicious parties, or emails purporting to be from Verizon and asking for financial or account password information. It is our policy to never ask for this information in emails. If you receive such emails, do not reply to them. You can report suspect or unwanted emails to Verizon at abuse@verizon.net and can obtain more information on how to protect against spam and phishing attacks on Verizon's Privacy Policy page by clicking on "Tips for Guarding Your Information" located at the top right hand corner of the page. Our privacy policy can be found at Verizon.com/privacy.

    We regret any inconvenience this may cause you. Please be assured that we take the privacy of your information very seriously.

    Sincerely,

    Verizon

  • Lynnette Smith on

    One of our email distribution groups received the fake security update which purported to be from QuickBooks.

     

  • Fire Epsilon on

    http://fireepsilon.blogspot.com/

  • Peter Cornstalk on

    Why did Paypal all of a sudden require thier customers to verify that they want their mailings? that is rather suspiciaous. I say Palpal/Ebay was part of it but they have not confessed that they give out info to Epsilon.

  • Anonymous on

    Ameritrade needs to be added

  • Anonymous on

    Ameritrade  needs to be added

  • Anonymous on

    Charter Communications has also sent out notices to it's customers.

  • Anonymous on

    Micro Center has sent out letters to their customers for that have credit cards.

  • Anonymous on

    You can add:

    Exxon/Mobil

    Shell

    BP/Amoco

  • Anonymous on

    You can add:

     

    Exxon/Mobil

    Shell

    BP/Amoco

     

  • Anonymous on

    Woman Within

    King Size

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.