Hackers have gained the names and email addresses of millions of people who do business with a variety of companies, by way of third-party email marketing provider Epsilon.
Epsilon claims to be the world’s largest permission-based email marketing provider, sending over 40 billion emails annually. It works with more than 2,500 clients, including 7 of the Fortune 10.
Among company’s affected were US Bank, Capital One, JPMorgan Chase, Citigroup, Best Buy, Kroger, TiVo, Walgreen’s, and Robert Half. Epsilon said in a statement:
On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.
US Bank said in an email to customers, “We want to assure you that U.S. Bank has never provided Epsilon with financial information about you. For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails.”
TiVo sent a similar email saying,
We were advised by our email service provider that the information that was obtained was limited to first name and/or email addresses only. Your service and any other personally identifiable information were not at risk and remain secure.
Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.
We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
Robert Half told customers:
We deeply regret this has taken place and any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. We were advised by Epsilon that the information that was obtained was limited to email addresses only.
Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties. We ask that you remain alert to any unusual or suspicious emails.
At least no financial data or passwords were obtained by the attackers. Epsilon’s reputation may have taken a hit, however. It will be interesting to see if it loses any of its major customers as a result of the ordeal.