Smart SpendingSmart Spending

Massive data breach reported

Affected companies began notifying their customers over the weekend that hackers may have accessed their email addresses.

By MSN Money Partner Apr 4, 2011 8:23PM

This post comes from Mark Huffman at partner site ConsumerAffairs.com.

 

In what could be the largest security breach in U.S. history, a virtual who's who of U.S. companies have begun notifying consumers that their names and email addresses, held in a vast database, may be been illegally accessed.

 

What the companies, including Citigroup, Capital One,Kroger and TiVo, all have in common is doing business with Epsilon, a provider of email marketing services. Post continues after video.

"On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system," the company said in a statement. "The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway."

 

Limited threat?

Affected companies began notifying their customers over the weekend that hackers may have accessed their email addresses, though there appears to be no way the hackers can actually access the accounts themselves.

"Capital One has been informed that the compromised files did not include any personally identifiable or customer financial information," the credit card company said in a statement Sunday. "Capital One is actively investigating the incident and Epsilon is conducting its own comprehensive investigation in cooperation with the appropriate authorities."

 

While consumers often receive spam emails sent at random, security experts say the ability of scammers to put names with email addresses may make these phishing expeditions more effective.

 

Ignore emails

"Customers are reminded to ignore emails asking for confidential account or login information and remember that familiar looking links in an email can redirect to a fraudulent site," Capital One said. "If you get an email that claims to be from us but you aren't sure, or you think it's suspicious, don't click any of the links."

 

In warning its customers, TiVo sought to reassure them that the information, if actually obtained by unauthorized personnel, would not compromise sensitive data.

 

"We were advised by Epsilon that the information that was obtained was limited to first name and/or email addresses only," Tivo said. "Epsilon does not have access to service information or credit card details and all such personally identifiable information remains secure."

 

Epsilon, a unit of Alliance Data Systems, sends out an estimated 40 billion email ads each year. Law enforcement authorities are said to be investigating how the breach occurred, and just how many names and email addresses might have been accessed.

 

More from ConsumerAffairs.com and MSN Money:

0Comments

DATA PROVIDERS

Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.

ABOUT SMART SPENDING

Smart Spending brings you the best money-saving tips from MSN Money and the rest of the Web. Join the conversation on Facebook and follow us on Twitter.

VIDEO ON MSN MONEY

TOOLS

More