homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

More Retailers Warn of Security Breach

 2:23 pm on Apr 4, 2011 (gmt 0)

More Retailers Warn of Security Breach [latimes.com]
Best Buy Co., TiVo Inc., and Walgreen Co. are the latest in a seemingly endless string of companies to warn over the weekend that hackers gained access to customers' files, including email addresses.

The companies all use the same marketing and communications vendor, Epsilon. It's a leading marketing services firm that sends more than 40 billion emails annually and has more than 2,500 clients including seven of the Fortune 10. Epsilon, based in Dallas, issued a brief statement on Friday saying "a full investigation was under way" following the discovery of the breach of some customer client data. The company said that information obtained was limited to names and email addresses and that "no other personal identifiable information associated with the names was at risk."

[edited by: tedster at 11:56 pm (utc) on Apr 4, 2011]
[edit reason] spelling error [/edit]



 3:43 pm on Apr 4, 2011 (gmt 0)

Yup- I got several notification e-mails from companies over the weekend about the breach. Luckily, I used the same e-mail for all of them. And it's a Hotmail account, which does a fairly decent job of spam filtering. I almost never follow links in any e-mails sent from those companies anyway (always use my bookmarked links to logon to those sites).


 6:10 pm on Apr 4, 2011 (gmt 0)

Got a notice from TiVo dated Sunday. "Important Information About Your Account"

"information that was obtained was limited to first name and/or email addresses only."

Let's hope


 7:22 pm on Apr 4, 2011 (gmt 0)

Oh no! That means I'm going to get emails from fake companies trying to pretend to be real companies trying to sucker information out of me.

So uh... basically no different than any other day on the Internet. So basically they don't have access to anything they couldn't get off facebook anyway?


 8:37 pm on Apr 4, 2011 (gmt 0)

Add LL Bean to the list of brands impacted. Beans sent an email as reassuring as possible that the breach is name and email only. Time will tell ...


 10:00 pm on Apr 4, 2011 (gmt 0)

Wow, epsilon must be ruined. Shows the perils of doing business in the big leagues: great rewards but better be careful or else...


 10:00 pm on Apr 4, 2011 (gmt 0)

Got notice from my bank yesterday, not good.


 10:18 pm on Apr 4, 2011 (gmt 0)

Now up to 5 notifications...


 12:32 am on Apr 5, 2011 (gmt 0)

Add Chase Bank to the list


 2:46 am on Apr 5, 2011 (gmt 0)

Add Chase Bank to the list
Known as Chase Manhattan Bank; Merged with Chemical Bank; Merged with J. P. Morgan & Co.
Currently: JP Morgan Chase.

From their email: We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.


 2:49 am on Apr 5, 2011 (gmt 0)

I just got the same basic email from Air Miles, so they're affected too! First, last names, email only according to them.


 12:05 pm on Apr 5, 2011 (gmt 0)

I get being hacked. If youíre in this business long enough everyone gets bit. I hope that it was not a stupid mistake. Why do so many big companies use Epsilon? How have they amassed such a portfolio of high profile clients? I sent about 25 million e-mails per month from my own proprietary systems. Not SPAM. These are highly sophisticated permission based customer communications. I have solid penetration into all email service providers, a great Sender Score reputation, solid reporting and terrific ROI. I do this at a fraction of the cost of Epsilon. All in, I'm under $50k per year including template markup and testing. So why are firms lining up to use expensive firms like Epsilon? I donít get it! I guess is is all about build vs. buy. I'm a build guy.


 12:06 pm on Apr 5, 2011 (gmt 0)

Oh. I forgot to mention that I'm not an ESP. My main business is not sending e-mail. This is just part of running a modern Web site.


 12:09 pm on Apr 5, 2011 (gmt 0)

All of these retailers (and banks) are claiming only name and email were obtained. I think they are being misleading though. Each of those companies likely has preferences stored with your email address, whether it is the type of product/service you have bought or have indicated you are interested in.

If the database was breached, surely this data was visible also. It may not be as sensitive as credit card info or financial info but it is more than they are claiming.


 1:35 pm on Apr 5, 2011 (gmt 0)

Add 1800flowers.com to the list.


 2:23 pm on Apr 5, 2011 (gmt 0)

At least you guys got a notice, I have accounts with some of the companies named and I have received ZERO notice.


 2:28 pm on Apr 5, 2011 (gmt 0)

I have accounts with some of the companies named and I have received ZERO notice.

I do as well but a lot of them are Mom and Pops. I'm with some big players also but as yet haven't heard anything.


 3:11 pm on Apr 5, 2011 (gmt 0)

i got a warning from Disney Destination travel folks.

also reported here:


 3:12 pm on Apr 5, 2011 (gmt 0)

abc news list of affected companies:


 3:48 pm on Apr 5, 2011 (gmt 0)

Not sure how many of those companies use the customer's e-mail address for the login. If so, I would certainly demand the login e-mail address be changed to something else.

I also wouldn't be posting on a public forum which companies had my e-mail address (especially if it was the login).

I think they are being misleading though. ... If the database was breached, surely this data was visible also.

I am also skeptical, but that is not necessarily the case. All the data may not be in the same table or even the same database (or even on the same server). And even if it is, there may be granular security settings that really did limit the breach to name & email. (e.g., different security is needed for the different information, but only the security for the basic information was compromised.)


 11:36 am on Apr 6, 2011 (gmt 0)

Customers of Verizon Communications had their email addresses exposed in a massive online data breach last week, according to an email to customers obtained by Reuters.

No word from Verizon about my account.


 12:37 pm on Apr 6, 2011 (gmt 0)

"No word from Verizon about my account."

Check your email again. Verizon emailed me twice, to let me know of the breach and then another time to change my password and credit card.


 3:38 pm on Apr 6, 2011 (gmt 0)

So why are firms lining up to use expensive firms like Epsilon?

It's all about accountability. If and when there is a breach of security, they can lay it on someone else's doorstep, fire the provider, and move on without any lasting damage to their brand.


 5:25 pm on Apr 6, 2011 (gmt 0)

Co worker got one from Beachbody today. This is madness, talk about all your eggs in one basket . . .


 2:42 am on Apr 8, 2011 (gmt 0)

Didn't take long to get my first phishing attempt from the breach- just got one pretending to be from one of the companies involved. Very low quality work- typos, bad grammar, and poor design.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved