Security breach at email provider exposes customers of major firms

A recent security breach at a company that manages email communications has exposed data on customers of some of its high-powered clients. Epsilon said it detected last March 30 an "unauthorized entry" into its email system but added the information obtained was "limited." "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway," it said in a press release. Tech site CNET reported that Epsilon's clients include TiVo, JP Morgan Chase, Capital One Financial, and the Kroger grocery chain. CNET quoted TiVo as saying that Epsilon "does not have access to service information or credit card details and all such personally identifiable information remains secure." Chase and Capital One similarly assured that financial data did not appear to be at risk. "Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send emails, that an unauthorized person outside Epsilon accessed files that included email addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer email addresses, but did not include any customer account or financial information," Chase said. "Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you," it added. It reminded its customers to "be cautious if you receive emails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by email." Similarly, Capital One reminded its customers it is investigating the incident. It reminded customers to ignore emails asking for confidential account or log-in information and remember that familiar looking links in an email can redirect to a fraudulent site. "If you get an e-mail that claims to be from us but you aren't sure, or you think it's suspicious, don't click any of the links. Just send it to us at abuse@capitalone.com then delete it. More information on fraud prevention is available at www.capitalone.com/fraud/prevention/phishing.php," it said. Kroger's website contained an FAQ section on the email breach and cautioned customers against opening email from people they do not know, lest it turn out to be spam. "In many cases, it won't (affect you). Only names and email addresses were taken, and all other customer information is secure. You may receive some unsolicited emails (spam) as a result of this incident. Kroger wants to remind you not to open emails from senders you do not know," it said. "Also, Kroger would never ask you to email personal information, such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted," it added. — TJD, GMA News