Target, Best Buy, US Bank customers caught in massive e-mail hack
Epsilon, a digital marketing firm whose clients include Twin Cities-based Target, Best Buy and US Bank, has been hit by a hacking operation that made off with what sounds like a massive haul of of e-mail addresses, and perhaps other data as well.
Epsilon Epsilon CEO Bryan Kennedy. Is his e-mail secure?
Great. Well, at least we know who to blame for the upcoming wave of spam from Nigerian phishing expeditions and Russian porn sites.
Hopefully that's the worst of Epsilon problems, unless people's credit card and bank accounts start getting cleaned out -- a nightmare that Epsilon's clients dismiss as outside the realm of possibility.
The ever-increasing breadth of the hack -- 50 major businesses were hit according to Mashable -- makes it emblematic of the kinds of privacy invasions that online shoppers and bankers rightly fear in this networked world. According to Epsilon:
On March 30th, an incident was detected where a subset* of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.
That subset, according to the compamy, is about 5 percent of its total database. It doesn't provide a hard figure for the actual number of customers.
Ever signed up for promotions using a form like this?
Basically, if you've ever opted into a sales or marketing promotion with one of the 50 companies, someone you don't know may be loading your e-mail address into some evil spam machine -- or worse.
Here's a copy of what had to be a very embarrassing e-mail alert that US Bank e-mailed its customers when it heard the bad news:
As a valued U.S. Bank customer, we want to make you aware of a situation that has occurred related to your email address.
We have been informed by Epsilon Interactive, a vendor based in Dallas, Texas, that files containing your email address were accessed by unauthorized entry into their computer system. Epsilon helps us send you emails about products and services that may be of interest to you.
We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.
Sign up today, hacked tomorrow?
Please remember that U.S. Bank will never request information such as your personal ID, password, social security number, PIN or account number via email. For your safety, never share this or similar information in response to an email request at any time. To learn more about recognizing online fraud issues, visit [LINK].
In addition, if you receive any suspicious looking emails, please tell us immediately.
Call U.S. Bank Customer Service at 800-US-BANKS (800-872-2657).
The security of your information is important to us, and we apologize for any inconvenience this may have caused you. As always, if you have any questions, or need any additional information, please do not hesitate to contact us.
Frankly, we hope Epsilon CEO Bryan Kennedy starts getting inundated with spam in the wake of this mess. But we have a feeling he gets the option of opting out.