If you are a customer of any one of a number of businesses that are clients of Epsilon, an Irving, TX-based email marketing service, your name or email may have been obtained in a data breach announced last Friday. Epsilon states:
“On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”
As of April 4, 2011, Epsilon says, the affected clients “are approximately 2 percent of total clients and are a subset of clients for which Epsilon provides email services.”
Epsilon states that consumers in the US and Canada with inquiries may call 866-595-4896. Epsilon posted a news release on its website.
Businesses whose records with Epsilon may have been breached are sending notices to their customers. One business wrote:
We were recently notified by Epsilon, a marketing vendor used by [our business] to manage customer emails, that an unauthorized third party gained access to a number of Epsilon's accounts including [our] email list.
In all likelihood, this will not impact you. However, we recommend that you continue to be on the alert for spam emails requesting personal or sensitive information. Please understand and be assured that [our business] does not send emails requesting customers to verify personal information.
Which businesses may be affected? Among those reported so far: TiVo, Kroger, JP Morgan Chase, Capital One, Citi, Walgreens, LL Bean, and Marriott.
The Better Business Bureau (BBB) advises consumers to be on the lookout for phishing emails, which are unsolicited emails that appear to be from a business and ask the recipient to click on a link and submit personal information. Unsuspecting consumers who provide personal information in response to phishing emails could become victims of identity theft.
Here are some tips from BBB and AOL Daily Finance if you receive an unsolicited email:
• Visit the website that supposedly sent the email in a new browser window. Make sure it is promoting the same offer in the email. BBB advises that you also look on the website for the real business to see if an alert has been posted about phishing emails.
• Put your mouse over the link in the suspicious email and look at the lower left corner of the screen to make sure the domain name matches the company that is allegedly sending the email.
• If the link must be clicked, it should still show the same domain name. If it doesn’t, and it asks for your financial information such as bank account number, Social Security number, etc. Do not provide it. If the link has a different domain name, it may be trying to infect your computer with a virus.
• Keep your security software up to date.
• Most importantly, avoid clicking on any links or opening attachments from unsolicited emails.
BBB suggests that suspicious or fraudulent emails can be reported to the business whose name is being used in the email.
To read the full AOL Finance article, go to: http://www.dailyfinance.com/story/market-news/epsilon-security-breach-protect-your-p/19901868/
For tips from the Federal Trade Commission (FTC) on dealing with spam email, including deceptive emails, see http://www.ftc.gov/bcp/edu/microsites/spam/
For more tips from BBB on Internet crime and protecting yourself from identity theft, visit http://dallas.bbb.org/Consumer-Tips/