Epsilon Data Breach
Epsilon, an online marketing unit of Alliance Data Systems Corp (http://www.epsilon.com) announced on April 1 that a sophisticated outside intrusion had taken place and some customer files had been breached. So far they are reporting that the target was names and email addresses from databases they use in the process of marketing for the following companies (not all company names are available yet - list is from a variety of sources):
- 1-800-Flowers
- Abe Books
- Air miles
- American Express
- Ameriprise Financial
- Astra Zeneca
- BeBe Shoes
- Benefit Cosmetics
- Barclays Bank of Delaware
- Beachbody (Makers of TRX)
- BestBuy
- Borders
- Brookstone
- Blackstone Group LP's Hilton Hotels
- Capital One
- Citibank
- City Market
- College Board - which represents some 5,900 colleges, universities and schools
- Dillons
- Disney Destinations - Disney Vacations
- Eddie Bauer
- Eileen Fisher
- Ethan Allen
- Food 4 Less
- Fred Meyer
- Fry’s
- Hilton Honors
- The Home Shopping Network (HSN)
- Jay C
- JP Morgan Chase
- King Soopers
- Kraft Foods Inc
- King Soopers
- Kroger
- Lacoste
- L.L. Bean Visa Card
- McKinsey & Company or McKinsey Quarterly
- Marriott Rewards - also had their membership rewards points exposed
- Money Gram
- New York & Company
- QFC
- Ralphs
- Red Roof Inn
- Ritz Carlton Rewards - also had their membership rewards points exposed
- Robert Half
- Scottrade
- Smith Brands
- Target
- TD Ameritrade
- TIAA-CREF
- TiVo
- US Bank
- Verizon Communications Inc.
- Visa
- Walgreens
This was a sophisticated attack and it is likely the "phishing emails" that will be delivered to inboxes will also be very sophisticated and will look authentic. Don't click on any email that requests that you verify your account, asks you to sign-in, re-register, approve your new password or any link that comes in an email. As information become available this post will be updated.
Websites with more information:
http://www.securityweek.com/massive-breach-epsilon-compromises-customer-lists-major-brands
http://www.bankinfosecurity.com/articles.php?art_id=3502
http://krebsonsecurity.com/2011/04/epsilon-breach-raises-specter-of-spear-phishing/
4/6/11 - updated list of exposed companies
April 4, 2011