Giant Email Security Breach

You are probably going to receive one or more emails, reading something like this:

“Today we were informed by Epsilon Interactive, our national email service provider, that your email address was exposed due to unauthorized access of their system. We have been advised that the only information that was obtained is your name and email address.”

That’s nice.

I’ve received four such emails, including two from Ralphs Supermarket (interestingly, the first one says “Dear Christian Boyce” while the second one says “Dear Valued Customer”), one from Best Buy, and one from Robert Half International. Citibank, Walgreen’s, and the Home Shopping Network are other companies who use Epsilon for their email marketing, along with many, MANY others. Several of these companies have sent out breezy little emails to their customers saying “Sorry about that, and watch out for viruses in emails from people you don’t know. It is possible that you may receive some spam email messages. We apologize for any inconvenience.” I would call this more than “inconvenient” but that’s just me.

Besides making a note to stay away from Epsilon (but good luck with that– they are the world’s largest email marketing service, sending out more than FORTY BILLION EMAILS PER YEAR, for over 2500 companies), there’s not much you can do, especially considering we don’t know what happened. Epsilon put out a one-paragraph press release on April 1st, 2011 (no fooling) that’s a little on the vague side. They don’t say when the security breach happened, they don’t say how many email addresses were obtained, they don’t say whether it was an inside job. They DO say that apart from names and email addresses “no other personal identifiable information associated with those names was at risk.” Somehow I don’t find this very reassuring. If we had asked them last Thursday they would have said that NONE of the information they store was at risk at all. And they would have been wrong about that. So maybe they’re wrong this time too.

It would be a good idea to be extra suspicious of emails that appear to come from a bank or a retailer asking you to “verify your information by replying to this email with name, address, social security number, and PIN.” Such emails are phony and you shouldn’t reply at all. If you get an email asking for that kind of information just throw it away. You should have been doing that all along but if you haven’t been, start now.


by


3 thoughts on “Giant Email Security Breach

  1. I agree… a bit more than "inconvenient" – especially when some of that spam may include virus'. And not at all convinced that other information wasn't also "at risk".

    Good advice. I'd add that important usernames and passwords should be changed as well. And make sure NONE of your usernames are the same as your email.

    So, on a side note, is there anything you advise people to have on their Mac to protect from virus'? I always heard they were so much safer from the virus' and trojans that attack PC's. Is that true?

  2. You're right about changing usernames and passwords– just be careful that the forms you're using to do it aren't faked by the spammers. If you go directly to a website, such as Target.com or BestBuy.com or Ralphs.com, and sign in and change your password there, that's good. If you get an email from Target or Best Buy or Ralph's with a link to a password-changing website, that's bad. Don't fall for that!

    Virus protection on the Mac: first, it's a more secure operating system than Windows, so it's harder to attack. Second, since a virus or trojan horse is more successful when it infects more machines, the market share percentage of the Mac makes it a less attractive target. When I do install anti-virus software I use Virus Barrier.

  3. Thanks for the Mac/virus info! Been curious about that.

    And you're right! I should have said that – don't change passwords or usernames through ANY links. Only directly on the website! 🙂

    Thanks for all the info you share

Leave a Reply

Your email address will not be published.