A huge security breach has exposed the names and email addresses of customers of major brands, including Target, Best Buy, Walgreen’s, Capital One, and more.
UPDATE: Apparently, a slew of hotel chain rewards programs have also been hit by the Epsilon breach; affected chains include Hilton, Red Roof Inn, Ritz-Carlton and Marriott.
While most of these companies are understandably mum on how many customers might be at risk, it’s not inconceivable that millions of users’ information may have been accessed by an unauthorized party.
Epsilon, a digital marketing firm that does a fair amount of email marketing, notified its clients Friday that “an unauthorized entry into Epsilon’s email system” had occurred. The firm stated at the time that the compromised data “was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk.”
By yesterday, we knew the names of a handful of affected clients. However, we are learning today that the data breach applies to some of the largest names in retail, including Target and Best Buy. Anyone who has signed up for or opted into email or other digital marketing campaigns from these companies may have had their name and email address or addresses accessed by an unknown party.
According to an email from Target, “Epsilon took immediate action to close the vulnerability and notified law enforcement.”
However, Target is now notifying customers whose information was compromised that their email addresses and names may now be in unsafe hands and is asking customers to exercise care when opening and responding to email.
The entire list of companies whose customers’ data has been accessed is unknown, but we’ll list the ones we know about below. We’ll add more names as they become available. If you received an email that your information may have been compromised due to the Epsilon breach, please do let us know in the comments section.
- Best Buy
- Capital One
- JP Morgan Chase & Co.
- US Bank
- McKinsey & Company
- Ritz-Carlton Rewards
- Marriott Rewards
- New York & Company
- The College Board
- Home Shopping Network (HSN)
- LL Bean
- Disney Destinations
- Barclays Bank of Delaware
The items below have been provided by Mashable readers who said they’ve been notified by the companies about Epsilon email breaches:
- Air Miles
- Red Roof Inn
- Hilton Honors
- The Home Depot
- New York & Company
For marketing companies that handle customer data for multiple large corporations, security ought to be a top priority — especially since these third parties are often a more attractive and “easy” target for black-hat hackers.
For now customers are advised to use common sense: Don’t provide sensitive information over email, and don’t respond to emails from senders you don’t know. At the best, you might see slightly more spam than usual in your inbox. At worst, you might have you email account brute-forced and mined for other sensitive data. In either case, an extra dose of caution and an extra secure password are in order.