If you received a notice from one or another company with whom you do business or have done business in the past, saying that your email address has been compromised due to a data security breach at email service provider (ESP) Epsilon (due to their customers’ email lists being hacked and stolen), you’re not alone. Oh, you are so not alone. Banks, large merchants, and others, have all had their entire list of customers’ email addresses swiped and leaked due to the Epsilon data breach. Chase Bank, Citi Bank, Best Buy, Krogers – even Disney, have all been affected – as have their customers. Of course, lots of people receiving these notices will assume that they are phishing attempts (and there will undoubtedly be phishing attempts riding on the coat tails of this fiasco).
Here is the complete list as we know it today – if you have received a notice saying that your email address has been compromised, please add the name of the company involved to the list here.
Chase Bank
Citi Bank
AbeBooks
Disney
Krogers
Brookstone
Hilton Honors
LL Bean
Capital One Financial Corp.,
Barclays Bank, U.S. Bancorp,
JPMorgan Chase & Co.
Ameriprise Financial Inc. a
Best Buy Co.
TiVo Inc.
New York & Co.
Walgreen
The College Board (CollegeBoard.com)
Marks & Spencer
So what should you do if you get one of these notifications? Well, first, change your password for your account with the company or companies that sent you the notice to something very strong. Then, change your password for any email account with which you have ever done business with those companies, because odds are every email address they have for you was in the stolen lists. Finally, if your password for any other account, anywhere (Facebook, Twitter, Google, Yahoo, any other email account, etc.) was even close to the old password at the company or companies, go change those passwords too.
Why? It looks like this: bad guy who now has your email address and knows with which company you did business using that email address, has a good shot at hacking into your account at that company. Once in your account, they can find out all kinds of information about you – your home address, your phone number, maybe even your SSN or credit card numbers, depending on the company and the security which they employ. (Yes, of course they are not supposed to store these in a way that even you could see your full SSN or credit card number, but you never know, and why take a chance?
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Second, because with your email address – and especially with your email address and password, they will find your Facebook, Twitter, and other social media accounts, and hack into those too.
So, change your passwords pretty much everywhere if they aren’t already very strong, or if they are in any way similar to any other account or password that you may have.
Here are a couple of samples of the email that these companies are sending to their customers:
From Chase Bank:
Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase’s practice to request personal information by e-mail.
As a reminder, we recommend that you:
Don’t give your Chase OnlineSM User ID or password in e-mail.
Don’t respond to e-mails that require you to enter personal information directly into the e-mail.
Don’t respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
Don’t reply to e-mails asking you to send personal information.
Don’t use your e-mail address as a login ID or password.
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on “Fraud Information” under the “How to Report Fraud.” It provides additional information on exercising caution when reading e-mails that appear to be sent by us.Sincerely,
Patricia O. Baker
Senior Vice President
Chase Executive Office
—
From Brookstone:
++++++++++++Important E-Mail Security Alert++++++++++++
Dear Valued Brookstone Customer,
On March 31, we were informed by our e-mail service provider that your e-mail address may have been exposed by unauthorized entry into their system. Our e-mail service provider deploys e-mails on our behalf to customers in our e-mail database.
We want to assure you that the only information that may have been obtained was your first name and e-mail address. Your account and any other personally identifiable information are not stored in this system and were not at risk.
Please note, it is possible you may receive spam e-mail messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.
In keeping with best industry security practices, Brookstone will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, Brookstone.com.
Our service provider has reported this incident to the appropriate authorities.
We regret this has taken place and for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
Sincerely,
Brookstone Customer Care
—
From AbeBooks:
Epsilon Informs AbeBooks of E-mail Database BreachWe have been informed by Epsilon, a third-party vendor we use to send e-mails, that an unauthorized person outside their company accessed files that included e-mail addresses of some AbeBooks customers. Epsilon has advised us that the files that were accessed did not include any customer information other than email addresses.
As a reminder, AbeBooks will never ask customers for personal or account information in an e-mail. Please exercise caution if you get any emails that ask for personal information or direct you to a site where you are asked to provide personal information.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Target
New York Company
Victorias Secret
I’m a student and CollegeBoard.com informed me of this, as they too use Epsilon to contact me with emails. They assured me that everything was going to be fine because only my email was leaked.
Well, I received several of these emails from retailers. Now, the same day that I received the emails my computer has a trojan virus and all of my internet favorites are gone (disappeared) and many files/music, etc on my computer are gone, also icons disappeared from my desktop…?!