Identity Theft

Giant Data Breach Hits Nation’s Largest Banks, Retailers

Comments 1 Comment

Phishing_DianaRothstein_DreamstimeA massive data breach at an Internet marketing company has compromised the personal information of customers at some of the nation’s largest banks, retailers and grocery stores. The number of people whose information was exposed is not yet known.

The breach occurred at Epsilon, which handles marketing and e-mail communications with customers for major corporations including Citibank, Best Buy and the Kroger grocery chain. Epsilon did not return calls seeking comment.

But according to a company statement on April 1, an unauthorized user gained access to a portion of Epsilon’s e-mail system. Security Week reports the list of companies affected by the breach includes Citibank, JP Morgan Chase, US Bank, Kroger, Walgreens, Best Buy and TiVo.

So what’s the big deal about having your e-mail information breached, particularly in this case? As Security Week points out, hackers gained access to the companies’ customer lists.  This gives them the advantage of tying your full name and e-mail to the companies and financial institutions of which you’re a customer.  They can use this information to give a sense of legitimacy to bogus (but usually very official-looking) e-mails in which they ask you for passwords or other sensitive information.  This is what’s known as “spear phishing.”  Here’s an excellent guide on spotting and avoiding Internet scams.

[Related article: How to Spot, and Avoid, Internet Scammers]

In related news, a restaurant company that failed to protect its patrons’ personal information agreed to pay a $110,000 fine for failing to follow Massachusetts’ tough data privacy law. The Briar Group owns popular bars and restaurants around Boston including MJ O’Connor’s, The Lenox, Ned Devine’s, The Harp and The Green Briar.

“When consumers use their credit and debit cards at Massachusetts establishments, they have an expectation that their personal information will be properly protected,” Attorney General Martha Coakley said in a press release.  “Our office will continue to take action against companies that fail to implement basic security measures on their computer systems to protect the sensitive information entrusted to them by consumers.”

The company put the credit card information of tens of thousands of people at risk of identity theft, according to the release. Hackers installed software on the company’s computer systems in April 2009 to steal customers’ credit and debit card information; the malware wasn’t removed until December 2009.

Nevertheless, it continued to accept credit and debit cards even after it knew of the breach, according to the release. The company also failed to secure its in-store computers.

[Identity Theft: Free Identity Risk Score and profile from Credit.com]

Image © Dana Rothstein | Dreamstime.com

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

  • Carlissa

    I must have been one of the unfortunate ones to get hit. I had a charge in my banking account from Data Exchange Corp for $9.99. When I called the company she told me she had been answering nothing but fraud calls all morning. Called the bank and had to cancel my debit card and get a new one. It pays to look at your account daily. There are folk out there that just won’t leave well enough alone.

  • Pingback: Giant Data Breach Hits Nation’s Largest Banks, Retailers - Identity Theft 911 Blog()

Find out where you stand.
Get your FREE personalized credit report card.

Sign Up Now
X

Stay Connected to Our Experts

Please submit your email address to get credit & money tips & advice
from our team of 30+ experts, delivered weekly to your inbox.