Friday, April 22, 2011

Is the personal information I disclose online safe? Epsilon email breach

I have been wanting to write about this issue for a while now. I am sure you have received notices from legitimate companies you do business with that your name and email address had been stolen from Epsilon, a company that provides email marketing to large corporations.

 
We all do some sort of business online, whether it is making a purchase, e-filing income tax returns, online banking, or signing up for emails from companies we do business with. Usually, when we pay with a credit card or do online banking, we are sent to a secure server to do it. If you look at the address in your browser after logging in or when you arrive at the payment page, you will notice that the beginning of the address changes from http:// to https://. The S means you are on a secure, encrypted connection where nobody except the credit card processor or bank can capture your information as it is sent. If you don't see the extra S, you should not do business on that website.

So what happened at Epsilon, and how will it affect us? First, you should know that Epsilon is the largest email marketing service in existence. On March 30, 2011, an unauthorized party (hacker) gained entry into Epsilon's system and accessed e-mails and customer names for a subset of Epsilon clients. If you're a customer of one of these clients, there's a good chance that some hacker now knows your name and e-mail address. These clients include the following:

1. 1-800-FLOWERS
2. AbeBooks
3. Abercrombie & Fitch (WFNNB)
4. AIR MILES Reward Program (Canada)
5. Ameriprise
6. Ann Taylor (WFNNB)
7. AshleyStewart (WFNNB)
8. Avenue (WFNNB)
9. Barclays Bank of Delaware
10. Beachbody
11. Bealls (WFNNB)
12. bebe
13. Best Buy
14. Best Buy Canada Reward Zone
15. Benefit Cosmetics (see below)
16. BJ’s Visa (Barclays Bank of Delaware)
17. Brookstone
18. Capital One
19. Catherine’s (WFNNB)
20. Chadwick’s (WFNNB)
21. Charter Communications
22. Chase
23. Citigroup
24. City Market
25. College Board
26. Crate & Barrel (WFNNB)
27. Crucial
28. David’s Bridal
29. Dell Australia
30. Dillons
31. Disney Destinations (The Walt Disney Travel Company)
32. Domestications (WFNNB)
33. Dressbarn (WFNNB)
34. Eddie Bauer Friends
35. Eileen Fisher (doesn’t name Epsilon but same template letter)
36. Ethan Allen
37. Eurosport Soccer (Soccer.com)
38. Express card (WFNNB)
39. ExxonMobil Card (Citi)
40. Fashion Bug (WFNNB)
41. FINA (WFNNB)
42. Food 4 Less
43. Fred Meyer
44. Fry’s
45. Gander Mountain (WFNNB)
46. Giant Eagle Fuelperks! (WFNNB)
47. GlaxoSmithKline Consumer Healthcare (GSK)
48. Goody’s (WFNNB)
49. Hilton Honors
50. Home Depot Card (Citi)
51. Home Shopping Network (HSN)
52. J Crew (WFNNB)
53. J.Jill
54. Jay C
55. Jessica London (WFNNB)
56. JPMorgan Chase
57. Justice (WFNNB)
58. KingSize Direct (WFNNB)
59. King Soopers
60. Kroger
61. Lacoste
62. Lane Bryant (WFNNB)
63. L.L. Bean Visa (Barclay’s)
64. M & T Bank
65. Marriott Rewards (FAQ on site)
66. Marks & Spencer
67. Maurice’s (WFNNB)
68. McKinsey Quarterly
69. MoneyGram
70. MyPoints Reward Visa
71. New York & Company
72. NTB Card (Citi)
73. One Stop Plus (WFNNB)
74. PacSun (Pacific Sunwear) (WFNNB)
75. Palais Royal (WFNNB)
76. Peebles (WFNNB)
77. Polo Ralph Lauren
78. PotteryBarn/PotteryBarnKids (WFNNB)
79. Quality Food Centers (QFC)
80. QualityHealth
81. RadioShack (WFNNB)
82. Ralphs
83. Red Roof Inn
84. Reeds Jewelers (WFNNB)
85. Ritz-Carlton (FAQ)
86. Robert Half International
87. Scottrade
88. Sears (Citi)
89. Shell (Citi)
90. Smile Generation Financial
91. Smith’s Food & Drug Centers (Smith’s Brands)
92. Sportsman’s Guide (WFNNB)
93. Stage (WFNNB)
94. Stonebridge Life Insurance
95. Target
96. Tastefully Simple
97. TD Ameritrade
98. The Limited (WFNNB)
99. The Place (Citi)
100. TIAA-CREF
101. TiVo
102. Trek (WFNNB)
103. United Retail Group (WFNNB)
104. US Bank
105. Value City Furniture (WFNNB)
106. Verizon
107. Victoria’s Secret (WFNNB)
108. Viking River Cruises
109. Walgreens
110. Woman Within (WFNNB)

As you can see, this is huge, and probably the most egregious breach of information to date. My name and email address were with at least 6 of these companies, possibly more, yet I only received notices from 3 of them. According to Epsilon, no other personal information was exposed besides e-mails and names. Law enforcement and individual companies are doing their own investigations, but unless you've got a really easy-to-crack password (e.g. 123456), your money should be safe.

You may wonder why this is so serious if they only got your name and email address? In addition to your name and email address, they also know which company it is associated with. The concern is that the stolen email addresses will be used by the intruders to launch sophisticated and highly targeted phishing attacks.

The stolen information will allow scammers to send authentic-looking email messages that appear to come from a bank or other business with whom the user has an existing relationship. The emails will try to trick people into parting with information such as their usernames and passwords for bank accounts or other online accounts, or they could try to trick people into downloading malware onto their systems. People who don't fall for such scams should be fine; therefore, we must be extra vigilant.

In order to be vigilant, you should not click links in emails even if they appear to come from someone you know or a company you do business with. Instead, manually type their web address into your browser. Once you arrive at the site, navigate to the desired page.

Since this has recently been in the news, it is expected that the hackers will wait until they think people have forgotten. I urge you to continue to be vigilant indefinitely.


Sandy Coulter
A+ Certified Computer Tech
SEO & Web Marketing Specialist
http://www.geekmeup.com/