Massive Breach at Epsilon Compromises Customer Lists of Major Brands
Security Week ^ | April 2, 2011 | Mike Lennon

Posted on 04/02/2011 8:46:19 PM PDT by brytlea

Due to the growing list of brands disclosing that they have been compromised as a result of this breach, I’m going to go ahead and tag this as a massive breach. And I only expect it to get bigger as more announcements come out from Epsilon customers.

Last night we reported on a breach at marketing services provider, Epsilon, the world’s largest permission-based email marketing provider. Initially we wrote that the breach had affected Kroger, the nation's largest traditional grocery retailer. There is a list of companies at the link (but I don't know if that is going to be the full list, it sounds like there may be more yet).

It turns out that Kroger is only one of many customers affected by the breach at Epsilon.

(Excerpt) Read more at securityweek.com ...


TOPICS: Business/Economy; Crime/Corruption; News/Current Events; Technical
KEYWORDS: brookstone; capitalone; chas; chase; citicorp; collegeboard; computer; cyberattack; cybercrime; email; epsilon; hacked; hacker; hacking; hiltonwalgreens; hsn; jpmorgan; kroger; marriott; phishing; ritzcarlton; security; spam; tivo; usbank
I hope this is ok to post. I didn't find it by searching. I got an email from TiVo tonight, so searched and found this (and other) articles. This seems to be big and maybe getting bigger. There are quite a few companies that appear to be at risk. It seems that only email addresses and names are at risk (not other info); however, that's enough for the hackers to increase their success at phishing. I had thought it a good idea to get the info out there.
1 posted on 04/02/2011 8:46:25 PM PDT by brytlea

To: brytlea

Thanks.


2 posted on 04/02/2011 8:53:51 PM PDT by FreedomOfExpression

To: brytlea

You would think that an outfit this big — and supposedly professional — would have encrypted this data. Apparently not.


3 posted on 04/02/2011 8:59:04 PM PDT by Nick Danger (Pin the fail on the donkey)

To: brytlea

We just received a message from the College Board (the folks who run the Advanced Placement exams and the SATs) stating, “We have been informed by Epsilon, the vendor that sends email to you on our behalf, that your e-mail address may have been exposed by unauthorized entry into their system.”


4 posted on 04/02/2011 8:59:40 PM PDT by StayAt HomeMother

To: StayAt HomeMother

Yeah, sounds basically like what I received from TiVo. Whoever did this apparently now has a LOT of email addresses with names. :(


5 posted on 04/02/2011 9:01:38 PM PDT by brytlea (A tick stole my tagline....)

To: Nick Danger

This is one reason I have stopped giving my email address to almost anyone, if I don’t have to. Seems that every store I buy something in nowadays wants my email address and I just say, “No thank you.” They always seem surprised. Next time I’ll just mention this fiasco.


6 posted on 04/02/2011 9:04:03 PM PDT by brytlea (A tick stole my tagline....)

To: brytlea

Thank you. This is the umpteenth time this has happened in the past year or so, but this sounds like one of the biggest.

Ugh.


7 posted on 04/02/2011 9:05:13 PM PDT by mountainbunny

To: mountainbunny

I wonder if they EVER catch these creeps?


8 posted on 04/02/2011 9:08:01 PM PDT by brytlea (A tick stole my tagline....)

To: brytlea

I got an e-mail from the college board.


9 posted on 04/02/2011 9:32:15 PM PDT by luckystarmom

To: brytlea

Thank you for posting. I received an email tonight from collegeboard.com about the epsilon breach, that my first and last name and email were fraudulently accessed. This is why I come to freerepublic when I want breaking news.


10 posted on 04/02/2011 9:42:34 PM PDT by Havisham

To: Havisham

Got the same email here


11 posted on 04/02/2011 9:44:17 PM PDT by Mom MD (Jesus is the Light of the world!)

To: Havisham; luckystarmom

I just hope names and emails were really all they got.


12 posted on 04/02/2011 9:47:18 PM PDT by brytlea (A tick stole my tagline....)

To: brytlea

Thanks! I have online accounts at some on the list.

Just another reminder to look at the email, then open the site from *FAVORITES* (or even Google it) instead of using the links in the email.

Not that I don’t get sloppy now & then when there’s a good sale at an e-merchant I regularly do business with.


13 posted on 04/02/2011 9:54:29 PM PDT by ApplegateRanch (Made in America, by proud American citizens, in 1946.)

To: ShadowAce

ping!


14 posted on 04/02/2011 9:56:42 PM PDT by bitt ( ..Congress - either investigate Obama ...or yourselves, for complicity)

To: brytlea

Got an email from US Bank yesterday - they were a target as well.


15 posted on 04/02/2011 9:58:03 PM PDT by TexasNative2000 (Uncertainty: it's the new normal)

To: brytlea

I don’t know. It doesn’t seem as though they catch these criminals very often.

This sort of thing points to the need for everyone to step up and take responsibility for their own online security. It’s clear that most companies have no intention of helping in any meaningful way.


16 posted on 04/02/2011 9:59:05 PM PDT by mountainbunny

To: ApplegateRanch

I’ve gotten so paranoid anymore, but it only takes getting sloppy once. It just seems these creepy scoundrels are so pervasive anymore and I guess they are next to impossible to catch.


17 posted on 04/02/2011 9:59:35 PM PDT by brytlea (A tick stole my tagline....)

To: mountainbunny

I agree, it doesn’t seem like they EVER catch them, and it doesn’t seem that there seems to be any desire on the part of the government (altho it may just be that it’s virtually impossible, I don’t know).

The problem is, you can be careful (I am, extremely so) but it seems the bad guys get smarter and better all the time. I don’t know how long we can stay a step ahead of them. I’m not a techie genius. At some point do we just throw in the towel and give up?


18 posted on 04/02/2011 10:02:17 PM PDT by brytlea (A tick stole my tagline....)

To: TexasNative2000

None of my banks have sent me anything. Yet.


19 posted on 04/02/2011 10:02:48 PM PDT by brytlea (A tick stole my tagline....)

To: brytlea

Yeah, I know exactly what you mean.

I looked (in *Preview*) at an email from my auto insurer a couple of months back, and it looked EXACTLY like what I normally get from them, but didn’t seem ‘right’.

I finally noticed in the small print at the end that they had a letter in the acronym wrong. I deleted it without opening, then did a set of scans just to be safe.

I also have web-based email accounts, and when something comes to them, no matter what or from whom, I right click on any links in the *PREVIEW*, and hit *PROPERTIES*, and that shows what the REAL address of the link is, no matter what it says it is. It doesn’t get opened if it’s got bad links.

Have to be careful, and check EACH link, because there are often a couple of real links to main site of the real company in the first part & very end, but the “money links” for the actual “offer” in the body of the message are the redirects.

I’ve googled some of them, and most are well-known scam operations located mainly in China, Rumania, or Russia, where there is zero chance of doing anything about them.


20 posted on 04/02/2011 10:15:58 PM PDT by ApplegateRanch (Made in America, by proud American citizens, in 1946.)

To: brytlea

Hrm, I just got an email from US Bank about this very subject.


21 posted on 04/02/2011 10:17:11 PM PDT by eclecticEel (Life, Liberty, and the Pursuit of Happiness: 7/4/1776 - 3/21/2010)

To: TexasNative2000
Yeah, I got one from them earlier this evening.

At least, it claimed to be from US Bank....

22 posted on 04/02/2011 10:28:56 PM PDT by Hunton Peck (See my FR homepage for a list of businesses that support WI Gov. Scott Walker)

To: Hunton Peck

I got one also tonite from HSN (Home Shopping Network). I have the feeling this is a rather wide ranging breach of security, with many businesses affected, and thus we are affected. Great. Mine said they are already increasing their security measures. Better late than never.


23 posted on 04/02/2011 11:36:03 PM PDT by flaglady47 (When the gov't fears the people, liberty; When the people fear the gov't, tyranny.)

To: Hunton Peck

Ha! The Nigerians have no trouble finding me as it is!


24 posted on 04/03/2011 1:02:52 AM PDT by rahbert

To: Hunton Peck

Ditto. I received the same thing from US Bank this morning. I wonder how huge this breach will turn out to be?


25 posted on 04/03/2011 4:23:06 AM PDT by mplsconservative (Impeach Obama Now!)

To: rahbert

Yeah, I wondered at first... is this really a big deal and then I wondered...did they get more info than just email addresses? I guess we get to just wait and wonder until a bunch of us find our whole IDs are stolen.


26 posted on 04/03/2011 6:26:37 AM PDT by brytlea (A tick stole my tagline....)

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

27 posted on 04/03/2011 6:27:12 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: mplsconservative

Strangely, some of the companies listed have NOT contacted me yet.


28 posted on 04/03/2011 6:27:41 AM PDT by brytlea (A tick stole my tagline....)

To: brytlea

I know I’m going to keep a close eye on my bank account in the coming days.

Perhaps some companies aren’t sure what to tell their customers yet. This really creeps me out.


29 posted on 04/03/2011 6:40:46 AM PDT by mplsconservative (Impeach Obama Now!)

To: mplsconservative

Good idea, and good point.


30 posted on 04/03/2011 6:53:55 AM PDT by brytlea (A tick stole my tagline....)

To: brytlea
I am not impressed by companies that simply give out customer information willy-nilly to third party email marketing companies.

Indeed, banks and other financial institutions are required by law to be conservative and above-board with how they handle customer information given to marketing companies. The Federal Reserve and the SEC have recently issued joint guidelines on this very subject; the press release is at Federal Regulators Issue Final Model Privacy Notice Form, and the model customer privacy notification opt-in form is here.

31 posted on 04/03/2011 8:05:02 AM PDT by snowsislander

To: snowsislander

Thank you for that info. And before this happened, I have to admit, I really didn’t know they did this.


32 posted on 04/03/2011 8:08:03 AM PDT by brytlea (A tick stole my tagline....)

To: All; brytlea
The mailing I got said names and corresponding email addresses were taken.

Since a number of companies address you by name in official email as a way to distinguish their correspondence from spam and phishing attempts, having names matched to emails could be a problem.

33 posted on 04/03/2011 10:32:32 AM PDT by newzjunkey (Obama will be president until Fri, Jan 20, 2017.)

To: newzjunkey

Yeah, I’m totally paranoid anymore anyway (had a couple of virii last year, never really figured out for sure how I got them because I thought I was careful—so I’m hyper careful now). But even so, it seems like the bad guys get better and smarter and more clever all the time. :( It’s why I refuse to do online billpay etc.


34 posted on 04/03/2011 3:15:12 PM PDT by brytlea (A tick stole my tagline....)

To: brytlea; ~Kim4VRWC's~; 1234; 50mm; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; ...

This is not an APPLE PING but just an alert ping about a major breach of security for email addresses... Just be aware that you may be at increased risk for phishing expedition due to this breach. — Swordmaker


35 posted on 04/03/2011 6:54:42 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)

To: StayAt HomeMother

I got the same message from College Boards. That sure explains the incredible spike in spam for the last few days. Now the question is, how to get rid of it. With all these email addresses out there it will be very difficult to get rid of. I imagine Epsilon is bracing for the inevitable class action suit. Lawyers will make millions and each person who gets spammed will make a couple of bucks.


36 posted on 04/03/2011 8:19:34 PM PDT by newheart (The trouble ain't too many fools, but that the lightning ain't distributed right. -Mark Twain)

To: brytlea

I got an email from Brookstone about this same thing. I removed myself from their mailing list quickly thereafter, but I suspect my inbox will be full of garbage in the coming weeks.


37 posted on 04/04/2011 4:31:00 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: brytlea

I got that same notice from Disney over the weekend.


38 posted on 04/04/2011 4:41:40 AM PDT by kevkrom ("Winning The Future" = WTF = What The F*** / "Kinetic Military Action" = KMA = Kiss My A**)

To: rarestia

Yeah, I think removing your name now is not going to do any good. Darnit.


39 posted on 04/04/2011 4:20:28 PM PDT by brytlea (A tick stole my tagline....)

To: newheart

Isn’t that almost as frustrating as the scummy spammers?


40 posted on 04/04/2011 4:22:06 PM PDT by brytlea (A tick stole my tagline....)

To: brytlea

Add Hilton and Walgreens to the list...


41 posted on 04/05/2011 4:44:52 PM PDT by bobcat62

To: bobcat62

And Target.


42 posted on 04/05/2011 6:38:07 PM PDT by brytlea (A tick stole my tagline....)

To: brytlea
Hey I just received notices from Scottrade, Dress Barn, Eddie Bauer... I am sure more will follow soon.

I received over 100 new spam yesterday!!!!

Epsilon should pay!

What are your thoughts?

43 posted on 04/06/2011 10:14:13 AM PDT by StopTheBull

To: StopTheBull

Interestingly, I haven’t received any spam, yet (altho I bet I will). I don’t know how Epsilon can pay, I’m not sure what they can do for us (we haven’t actually had a financial loss, so legally what can they do for us). And believe me, I’m angry. I suppose they can be made to go out of business, and some lawyers can be made rich, but even if the company were dissolved and all of their assets were divvied up among all of the people affected (or potentially affected) I wonder how much everyone would get (after even reasonable attorney fees)?

I save my real anger for the culprits who perpetuate these sorts of crimes and no one even seems to have an interest in even trying to figure out how to track them down and doing anything to them. On the other hand, I am not giving my email address out to ANYONE anymore unless it is absolutely necessary. In fact, I had stopped doing it about the last year anyway, even tho it’s a bit of a pain as every time you buy something in a store nowadays they ask. I will now tell them no and tell them it’s because of THIS.


44 posted on 04/06/2011 10:48:43 AM PDT by brytlea (A tick stole my tagline....)

To: brytlea

We got emails from Charter cable and Chase bank that they got our email addresses.

Hopefully nothing comes of it...

Ed


45 posted on 04/06/2011 11:10:45 AM PDT by Sir_Ed

To: brytlea

Even the little online used book exchange ABE Books was hit.


46 posted on 04/06/2011 11:13:08 AM PDT by Tijeras_Slim

To: Tijeras_Slim

Yes, I got one from them the other day. I had completely forgotten about them, I guess I must have ordered something from them, but I know it’s been a long time ago.


47 posted on 04/06/2011 12:31:35 PM PDT by brytlea (A tick stole my tagline....)

To: brytlea

I got an email this morning about this from Scottrade.


48 posted on 04/06/2011 12:38:09 PM PDT by ZX12R

To: ZX12R

I hope that Epsilon didn’t have any financial info. That’s my major concern.


49 posted on 04/06/2011 12:57:13 PM PDT by brytlea (A tick stole my tagline....)