Air Miles among firms hit by huge data breach (JPMorgan, TiVo, Citigroup, more)

Source: CBC

A growing list of companies including giant rewards firm Air Miles and hotelier Marriott are among the businesses been affected by a massive U.S. data breach.

News of the breach, which affects some of the top companies in North America and is being labeled as one of the biggest of its kind in U.S. history, comes after Dallas marketing firm Epsilon said last Friday that it was investigating the discovery of the breach of some customer client data.

The companies involved include:

Air Miles
Best Buy
Target
Marriott
Hilton Hotels
AbeBooks.com
US Bancorp
JPMorgan Chase
Citigroup
Capital One Financial
Kroger
Walgreen
TiVo
HSN
The College Board

Epsilon, a marketing services company that controls email databases for more than 2,500 business clients, sends more than 40 billion emails a year.

Read more: http://www.cbc.ca/news/business/story/2011/04/05/business-data-breach.html

---

Watch out for more targeted phishing.
http://en.wikipedia.org/wiki/Phishing

If you have taken a Disney vacation in the last several years, they have your email and Epsilon managed them.

could be affected. They probably have our email and our daughter's email several times over since the College Board was one of the ones hit also.

UGH!!!

http://www.pcmag.com/article2/0,2817,2383085,00.asp

So, they have my email address. Who cares?

Affected companies are stressing that no personal, financial information was disclosed, but email addresses can still be an effective tool for the crafty phisher. More than likely, the emails will be used for spam purposes, but the more sophisticated individual could send out emails that look like they're from a legitimate company.

What do I do?

Main rule of thumb - don't provide any personal information. Best Buy is not going to ask you to click on a link and enter your credit-card information. Citi will not ask you to confirm your Social Security number via email. When in doubt, don't. Call the company to double check, and forward the email to spam@uce.gov.

I'm not pleased. Can I prevent this from happening again?

As you can see from the long list of affected companies, it's difficult these days to avoid companies that deal with third-party marketers. The good news in this case is that no personal financial data was exposed, so if you pay attention to the emails you receive in the future, and avoid clicking on or downloading suspicious links and attachments, you'll probably be OK. You can also create an email address that's used only for e-commerce and company correspondance. It's still annoying, however, and I, for one, seriously considered cancelling the credit cards I have with the affected companies. How hard is it to manage your own email list?

The Coalition Against Unsolicited Commercial Email (CAUCE) has a few suggestions for how companies can avoid this in the future. And as Alex Eckleberry, general manager of GFI Software's Security Business Unit, notes, "this type of incident should not be taken lightly. It's another reminder that privacy is an illusion on the Internet."

1800 flowers comes to mind. I think there are more.