Tivo, Walgreens, Citi Amongst Others Hit By Epsilon Security Breach
By on April 3rd, 2011

Epsilon, a marketing firm acquired by Alliance Data which handles loyalty marketing of  several  big brands, was hit by a security breach.  This security breach resulted in infiltration of their email systems. Epsilon maintains that only a subset of their user data was harvested and as of now, only the email address and usernames were gathered.

Security Now which  initially reported that only  Kroger, United States’ largest traditional grocer was hit, now has confirmed that several big brands were also affected. Some of the brands hit include

  • Brookstone
  • Citi
  • Home Shopping Network
  • JP Morgan Chase
  • Kroger
  • Marriott Rewards
  • McKinsey & Company
  • New York & Company
  • Ritz-Carlton Rewards
  • The College Board
  • TiVo
  • US Bank
  • Walgreens

Epsilon’s  assessment has determined that no other personally identifiable information is at risk and are currently investigating the matter.

Citi tweeted about the breach with a link to the message on Citi’s site, calling upon users to be careful about phishing scams via email.


Please be careful of phishing scams via email. Statement from Citi for our valued Customers regarding Epsilon & email http://citi.us/dQuCp0less than a minute ago via CoTweet

TiVO has also issued a public interest message, maintaining that no Credit Card details and other such personally identifiable information was available to Epsilon and as such, such data is safe.

While it might be conceived that customer names and email address harvesting does not pose much of threat, such data in the hands of spammers is likely to result in a much more personalized phishing attack  attempts.

To be safe from phishing, never click on links or open email attachments from unknown sources. Remember: No one will ever ask to confirm your password/Credit Card details by entering them in a webpage!

 

Tags: ,
Author: Sathya Bhat Google Profile for Sathya Bhat
Sathyajith aka "Sathya" or "cpg" loves working on computers, and actively participates in many online communities. Sathya is a Community Moderator on Super User, a collaboratively maintained Q&A site which is part of the Stack Exchange network. Sathya also contributes to and is a Super Moderator at Chip India Forums. While not writing SQL queries or coding in PL/SQL, Sathya is also a gamer, a Linux enthusiast, and maintains a blog on Linux & OpenSource. You can reach Sathya on twitter.

Sathya Bhat has written and can be contacted at sathya@techie-buzz.com.
  • PJ Avatar

    The following is a string I started with Tivo customer support. I think some might find it interesting. Read from the bottom up.

    Subject:
    Epsilon security breach

    Reference number: xxxxxxxxxxxx
    Category:
    Product (optional):
    Created date: 04/03/2011 07:07 AM
    Updated: 04/03/2011 12:46 PM
    Status: Updated by Customer
    Customer (P J) 04/03/2011 12:46 PM
    >>> We keep records of your email address on file as a normal part of the system in case you wanted to return
    So even though I never opted IN.. my information is given to a third party as a matter of routine once I become a customer? Is that correct?
    >>>Even though your account is closed..
    It is not closed.. I simply asked not to be sent marketing email.
    >>>> we do not have the ability to delete all your information
    WHY? Is it because you gave it to someone else and you do not have control of their system? Is that the reason? Is that a responsible way of protecting your customers contact information?
    >>>be extra careful to not open attachments or click on links in email from people unfamiliar to you
    But what do you say to emails that spoof your return address and might have a link that goes to a phishing site? How am I to know if an email is legit?
    >>>The following link..
    This email in itself would be suspect. The link in your response email could have directed me, or anyone else, to a site that can do harm or harvest information. How are we, as your customers who trusted you with our contact information, supposed to know the difference?
    Response (Kaitlyn) 04/03/2011 11:47 AM
    Hello PJ,

    Thank you for contacting TiVo Customer Support. I would be glad to help you with your concern about an email sent by TiVo. We keep records of your email address on file as a normal part of the system in case you wanted to return and re-open your account. Even though your account is closed we do not have the ability to delete all your information. Absolutely none of your personal information other than possibly your first name as well as email was able to be accessed. Additional layers of security are being added to prevent unauthorized access.

    TiVo apologizes for the incident and any inconvenience. Let me assure you that no financial or other personally identifiable account information was accessed in this incident. All other information remains secure. We sent you the email to let you know what happened and to remind you to be extra careful to not open attachments or click on links in email from people unfamiliar to you. The following link has further information on the issue that will answer further questions you have.

    http://pr.tivo.com/easyir/customrel.do?easyirid=CA934452BA6418EF&version=live&prid=740034&releasejsp=custom_150

    XXXXXXXXX is the reference number for this inquiry. Please refer to this number if you choose to contact us again regarding this request. In order to respond to this email, please log into your account at http://www.tivo.com/mysupport. Replies directly to this email will not be received.

    Sincerely,
    Kaitlyn

    TiVo Customer Support Representative
    http://www.tivo.com/support
    http://forums.tivo.com
    Response (Kaitlyn) 04/03/2011 11:47 AM
    Hello PJ,

    Thank you for contacting TiVo Customer Support. I would be glad to help you with your concern about an email sent by TiVo. We keep records of your email address on file as a normal part of the system in case you wanted to return and re-open your account. Even though your account is closed we do not have the ability to delete all your information. Absolutely none of your personal information other than possibly your first name as well as email was able to be accessed. Additional layers of security are being added to prevent unauthorized access.

    TiVo apologizes for the incident and any inconvenience. Let me assure you that no financial or other personally identifiable account information was accessed in this incident. All other information remains secure. We sent you the email to let you know what happened and to remind you to be extra careful to not open attachments or click on links in email from people unfamiliar to you. The following link has further information on the issue that will answer further questions you have.

    http://pr.tivo.com/easyir/customrel.do?easyirid=CA934452BA6418EF&version=live&prid=740034&releasejsp=custom_150

    XXXXXXX is the reference number for this inquiry. Please refer to this number if you choose to contact us again regarding this request. In order to respond to this email, please log into your account at http://www.tivo.com/mysupport. Replies directly to this email will not be received.

    Sincerely,
    Kaitlyn

    TiVo Customer Support Representative
    http://www.tivo.com/support
    http://forums.tivo.com
    Customer (PJ) 04/03/2011 07:07 AM
    If I opted out of all promotional emails, why did Epsilon have my info in the first place? This is why I opt out.. do you share my info with a third party vendor in spite of that request?

  • Pingback: Best Buy, TiVo & Walgreens Security Breach? - Fun Being Frugal

  • Trudy

    Last year I had fraud in every account I have with BOA. I’ve received all money back but manager who said he was now watching things for me left for Merrill Lynch. This morning I get something from TIVO. I know of Tivo but don’t own one.
    Is my AVG not working?
    Confused and concerned.

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN